He's making a list
He's checking in twice
He's gonna find out who's naughty and nice
Santa Claus is in contravention of article 4 of the General Data Protection Regulation (EU) 2016/679
Replies (9)
Please login or register to join the discussion.
I sent that to a friend of mine whose job includes data security. His response was as follows.
"As others have pointed out, no he isn’t.
The list is required (and the associated special information [good/bad]) in order to perform the task to which the data subjects have been signed up to (by their parents).
Now if Santa’s List is generated independently from other sources, well, yep, got him there.
He may be in contravention of several equality laws though.
And I know that that is a massive oversimplification."
He's normally much more fun.
“to which the data subjects have been signed up to (by their parents).”
Assuming the children are under 13. 13 and over, the parents won’t be able to give consent on their behalf.
A 14 yr old writes to Santa with a list of presents, that’s fine, but then he asks the parent whether they’ve been good or bad - surely that’s information gathered from a third party?
To be fair, the fact that he's spying on sleeping children is going to land him in a heap more trouble than his GDPR breaches.
Add to that the annual trespassing so that he can "empty his sack" in your home...
I fear Santa may soon be joining a growing list of previously "harmless" gentleman who are now best to be avoided...
He could just save all the headache and remove all the kids from his list and ask them all to opt back in again...
"Gosh kids, I know it's terrible you don't have any presents this year, but when Santa emailed you to ask you to confirm you were happy for him to contact you and your parents to confirm your naughtiness going forwards you didn't reply, so Santa's hands are tied..."