- Apr 25, 2019
The European Union’s controversial new copyright rules are on a collision course with EU data privacy rules. The GDPR guards data protection, privacy, and other fundamental rights in the handling of personal data. Such rights are likely to be affected by an automated decision-making system that’s...
Reading someone's PMs without satisfying a public interest may be a violation.
The user doesn't have to be able to delete their account, it simply needs to be deleted in a timely basis when they request for it to be done.
Data collection should be limited, although local law preempts the GDPR. The U.S. doesn't have any data retention law, to my knowledge. They tried to pass one and it went up in flames due to public outcry.
You should make users aware of exactly what data you're collecting on them.
You may want to consult a lawyer for specifics in your area.