GDPR/sender-ip (was: make received-header on submission optional or at least drop the ip in it)

John Fawcett john at voipsupport.it
Wed Jan 5 18:00:19 UTC 2022


On 05/01/2022 18:36, Sam Kuper wrote:
> On Wed, Jan 05, 2022 at 06:00:31PM +0100, John Fawcett wrote:
>> my understanding of the GDPR legislation is that it defines what is
>> considered lawful processing. One of those items that makes the
>> processing lawful is consent.
> Not necessarily.
>
> An action that would not be lawful without consent is not automatically
> made lawful with consent, including under GDPR.
>
Correct there could be other reasons that make processing unlawful. 
However, GDPR will allow processing if the data subject consents and I 
think taht is what we are talking about in this thread.
>
>> If I send an email to a public mailing list I think it's fair to say
>> that I am providing consent.
> Again, not necessarily.
>
> First of all, consent cannot necessarily be assumed.
Correct that it cannot necessarily be assumed. But in this case I think 
it would be fair to assume it when someone sends an email to a public 
mailing list that consent has been given. I cannot see how having sent 
an email to a public mailing list I can then object to people processing 
it. Although it's not a question about GDPR, if I DID then change my 
mind, I cannot see a technical way to enforce it.
>
> Secondly, a person sending an email to a mailing list might very well
> consent for the mailing list's recipients to receive the content,
> subject, and reply address of that email - but *not* the IP address from
> which it was sent.
Correct. That is why I mentioned as an alternative "request that your 
users consent to the processing of the data".
>
>
> Sam
>
>



More information about the dovecot mailing list