Quote:
Originally Posted by brong
...
Given that there was no timely element involved:
* the exposed data was an email address
...
Without going into a discussion of whether GDPR is relevant or applicable to Fastmail, in many cases an email address is considered personal information under GDPR. What I am trying to say is that the email address is sensitive information and should not be released to a third party.
Moreover, in this case a survey could technically have been done without releasing any email addresses to the third party, e.g.
- in-house hosted survey, or
- creating temporary forwarding addresses that are to be given to the third party, and the one email from that company could have been forwarded to the real email address.
- another option is for the survey company to create a list of links and these to be put by a script as email messages in the recipients' mailboxes or displayed in the web interface upon login.
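
The temporary forwarding address option from the post above, sketched as an added example (not part of the original post and not Fastmail's code). The domains, class and method names are assumptions, and the sender-domain check stands in for whatever sender authentication the mail system really applies.

```python
import secrets
import time

ALIAS_DOMAIN = "survey-alias.example"  # assumed alias domain (constructed)
VENDOR_DOMAIN = "surveys.example"      # assumed survey-company sender domain


class AliasTable:
    """Alias -> real address map that never leaves the mail provider."""

    def __init__(self, ttl_seconds=14 * 24 * 3600):
        self.ttl = ttl_seconds
        self._map = {}  # alias -> (real address, expiry timestamp)

    def issue(self, real_address, now=None):
        now = time.time() if now is None else now
        # Random token: the alias cannot be derived from the real address.
        alias = f"{secrets.token_hex(8)}@{ALIAS_DOMAIN}"
        self._map[alias] = (real_address, now + self.ttl)
        return alias

    def export_for_vendor(self):
        # The only data handed to the third party: aliases, nothing else.
        return sorted(self._map)

    def resolve(self, alias, envelope_sender, now=None):
        """Return the real address for one vendor email, else None."""
        now = time.time() if now is None else now
        key = alias.lower()
        entry = self._map.get(key)
        if entry is None:
            return None
        real_address, expiry = entry
        if now > expiry:
            del self._map[key]  # expired aliases are purged
            return None
        if envelope_sender.rpartition("@")[2].lower() != VENDOR_DOMAIN:
            return None  # not from the vendor: drop, alias stays valid
        del self._map[key]  # single use: only the one email is forwarded
        return real_address


if __name__ == "__main__":
    table = AliasTable()
    alias = table.issue("user@mailbox.example")  # constructed address
    print("given to vendor:", table.export_for_vendor())
    print("forward to:", table.resolve(alias, "noreply@surveys.example"))
    print("second mail:", table.resolve(alias, "noreply@surveys.example"))
```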