this post was submitted on 11 Nov 2024
584 points (99.2% liked)

Privacy

[–] Duamerthrax@lemmy.world 3 points 3 days ago (1 children)

It's a German company, so I have no idea if they have an equivalent to HIPAA (USA) or if a private company would even have to comply with it.

[–] far_university190@feddit.org 4 points 3 days ago (1 children)

health data in all of eu regulated by gdpr. but did not find reference quick (lost link). but special protection on health data, hipaa is joke compared.

on other hand, all data you tell your doctor confidential (Arztschweigepflicht). legally even police or judge cannot ask for what you talk about.

[–] Duamerthrax@lemmy.world 1 points 3 days ago (1 children)

Does this company fall under those rules? Even if the person isn't a citizen of Germany?

[–] far_university190@feddit.org 5 points 3 days ago

https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/application-regulation/who-does-data-protection-law-apply_en

The GDPR applies to:

  1. a company or entity which processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed; or
  2. a company established outside the EU and is offering goods/services (paid or for free) or is monitoring the behaviour of individuals in the EU.

company definitely fit 1.

https://insight.thomsonreuters.com/mena/legal/posts/gdpr-breaking-down-the-general-data-protection-regulation

Does GDPR apply to non-EU citizens?

Yes, it applies to non-EU citizens under certain circumstances. The regulation is designed to protect the personal data of individuals within the EU, but its scope extends beyond EU borders. It applies to any organisation, anywhere in the world, that processes the personal data of individuals in the EU. This includes non-EU citizens who are in the EU at the time of data collection.

only location important for gdpr. but honest, bet they process all data the same. no idea if legally different, not lawyer.

if mean Arztschweigepflicht, that specific between you and doctor. was example for health data taken serious in germany.