Questions regarding use of any Version of Family Historian. Please ensure you have set your Version of Family Historian in your Profile. If your question fits in one of these subject-specific sub-forums, please ask it there.
A recent post talked about seeing living people in an on-line tree, and got me thinking (dangerous I know )
Where does one draw the line?
An awful lot of personal data on living people is in official websites like gro.gov, (in the Public Domain), so if you obtained all your data via one of these sites, are you still in breach of GDPR if you publish the results of your research?
IANAL but... if you're only publishing data that is openly available (and not adding any personal knowledge etc.) you're probably Ok.
However, I err on the side of caution (and prefer to not annoy my relatives -- for example one of my sisters died last year, but her daughter has asked that I don't publish any data "yet"). I don't publish details of anyone in the generations below my parents; and for those in previous generations that I do not know for sure to be dead, I only identify them by initials (and their relationships to dead people).
Mike, not sure that Family History qualifies as personal/household activities if you publish the data online... because at that point it ceases to be personal.
Domestic purposes – personal data processed in the course of a purely personal or household activity, with no connection to a professional or commercial activity, is outside the GDPR’s scope. This means that if you only use personal data for such things as writing to friends and family or taking pictures for your own enjoyment, you are not subject to the GDPR.
tatewise wrote:
and anyway only applies to living persons.
That’s what I was talking about. When you pull birth data off the GRO website, it may be relating to a person who is still alive! Most sites have data referring to living people, which they might not be aware of. It is only in datasets like 1939 register that they take pains to redact.
I agree with Helen that the moment you publish it online you are within the scope of GDPR. I did an online course on GDPR prior to it going live and asked this question as part of the interaction with the tutor and he was of the opinion that it would be within the scope but would probably need testing to confirm his belief. To that end I have erred on the side of caution due to the level of fine that can be levied.
What does GDPR mean for my family history research? Will you be removing records from the site? Answer:
The GDPR does not cover records related to deceased individuals, therefore, most of our historic records are not affected by the new regulation.
The records we do hold about living individuals have come to our site through partnerships with public institutions and have been legally allowed to open to the public.
So if FindMyPast can publish those records, then if individuals only reproduce identical data taken from those records, it surely falls outside the scope of GDPR.
Mike Tate ~ researching the Tate and Scott family history ~ tatewise ancestry
Depends what 'processing' you've done, Mike, and how identifiable the individual named is.
If you link a publicly available record to an identifiable living individual (probably -- given the nature of family history -- in conjunction with other data about that individual, in particular their relationships) and then publish it on the web, you're almost certainly within the scope of the act. (You've processed the data to link it to other data and then published it, so it isn't personal/household activities).
If you publish a single (publicly available) record without explicitly linking it to an identifiable individual, not so much. So the GRO website is in the clear.
But if somebody publishes my birth registration online and links it to details of my parents and my siblings and then publishes it without my consent? Not legal. (No problem if they just hold in on their personal PC).
It isn't a single record that matters, it's the 'processing' that links it to other records and to an identifiable individual and then 'publishing' (so it's no longer personal).
ColeValleyGirl wrote:... If you publish a single (publicly available) record without explicitly linking it to an identifiable individual, not so much. So the GRO website is in the clear. ...
Also the GRO is intended to compile this data, index it and publish those indexes. But certainly, I would agree that compiling "authorised" snippets and linking them together is a different matter as it's creating information(?).
If we collect data from various sources about living individual, and then publish these data together then I would argue we are subject to GDPR. Particularly if that person is identifiable from the information we have published.
Last edited by David2416 on 12 Apr 2019 07:17, edited 1 time in total.
I would agree.
If we presume your reference site IS complying with the GDPR, then the person whose details they published will have given their approval for that publication. They have not given you approval to publish the same information, which makes you in breach of GDPR unless you get that person's explicit agreement.
Hmmm! I don't recall giving the GRO permission to publish my birth and marriage on their indexes? I don't suppose any of us have. Not that I'm bothered but it raises interesting questions.
Anne
There is also the fact that the GRO Indexes don't directly identify specific individuals. They just state that the Birth, Death or Marriage of a person named 'X' was registered within a particular period in time in a specific Registration District. It's applying (processing) that data alongside some other knowledge that leads to the conclusion that the Index Entry relates to a specific person. That conclusion may, of course, be accurate or entirely inaccurate; and will also be based partly on the assumption that the Index Entry itself was entered accurately!
I work for a probate genealogy company and in several areas we rely on the "legitimate business interests" part of the regulations. There is a particular requirement to be extra careful with children's data. It's rather long-winded but here is the relevant page on the Information Commissioner's Office website.
So, if I share "living" digital information via an email or say onedrive to selected person(s) via a non public link with/without a password. Is that OK.
I can imagine that if another person then made it public, they might be in trouble.
Thanks Mike and everyone else on this topic. Can of worms, and as ever lots of work for those in the legal etc professions (can't blame them for doing their job). Reminds me of one of those Orwellian states where if the authorities (or rich individuals) wants to get you, there will be some law they could get everyone with.
)
