Law Asked by Giant Squid on August 23, 2020
I have an app/website which connects people into groups and then the group performs work in the real world. That work in the real world will occasionally require that group members talk to each other. My app/website does not have a messaging feature yet and so I’m considering my options. While I could embed a chat screen into my app/website, that is a chunk of work I’d like to avoid for the moment. Instead, I’m considering other well supported messaging options such as email or SMS. Specifically, launching the default email or SMS app on the user’s device. Since the point of the messaging is for members of the group to message each other, this would require that I hand over one group member’s personal data (i.e. email address or phone number) to another group member. I understand that under GDPR I need to get specific consent for this use case when I first collect their personal data. If I get this consent, have I fully complied with the GDPR rules in the scenario I’ve described?
Does the user who my app/website gives the personal data to have any obligations under GDPR?
Does launching the native email app (or SMS app) with a fellow group member’s personal data have legal issues beyond GDPR?
If I get this consent, have I fully complied with the GDPR rules in the scenario I've described?
You have covered one potential basis for acquiring the details, but I would argue "legitimate interest" is probably more apt: the app is designed to connect people and have them communicate, so you have a legitimate interest in collecting details so people can do just that.
There will be other rules around storing and protecting any personal information. The UK's Information Commissioner's Office has an excellent guide on GDPR obligations which I recommend reading.
Does the user who my app/website gives the personal data to have any obligations under GDPR?
Yes. They may well be considered a "controller" for the purposes of GDPR and would have associated obligations to safeguard the data, only use it for necessary purposes, and so on.
Does launching the native email app (or SMS app) with a fellow group member's personal data have legal issues beyond GDPR?
It's possible. We don't have enough detail to comment on other potential legal issues that may arise.
Correct answer by Matthew on August 23, 2020
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP