Comment on Meta's new ‘AI Mode’ on Facebook pulls from public info across its platforms

cattywampus@lemmy.world ⁨23⁩ ⁨hours⁩ ago

• remotelove@lemmy.ca ⁨22⁩ ⁨hours⁩ ago

  More often than not, GDPR data deletion requests work for just about anyone. Companies don’t really have the time to validate what country you are currently in so these kinds of processes are usually just generic. (It’s a compliance requirement and usually only gets the bare-minimum effort and funding to develop correctly.) Since any company asset is in-scope for compliance regardless of the country, companies that reside in the EEA must also purge any data for servers that may be outside of the country.

  It never hurts to attempt a data deletion under the context of GDPR, regardless of your country, is my point.

  But just to clarify “it depends on the country”: Of course it does, but the country where the company is based out of, not where their servers are located. (Of course there are one-offs or weird situations. That kind of “data protection” is expensive and reserved for bulk data that companies really need to hide or keep out of scope of compliance.)

  source

  • cattywampus@lemmy.world ⁨21⁩ ⁨hours⁩ ago

    Very fair point. I still have personal doubts about data on foreign servers. Is there a third party actually verifying they are obeying the law?

    source

    • remotelove@lemmy.ca ⁨20⁩ ⁨hours⁩ ago

      Compliance audits are usually handled by a third party and I am only familiar with SOC2, SOX, PCI and ISO270001. GDPR is a beast, from what understand. I do suspect it’s also ran by a third party during an audit period.

      Most of the above compliance programs require network architecture reviews and checks to ensure that their policies actually match how their internal processes and software actually works. This typically includes compliance enforcement mechanisms, such as what we were discussing.

      source