The “Not Affiliated” Checkbox and the GDPR - CourtneyR.dev 2nd Brain

# The “Not Affiliated” Checkbox and the GDPR ![rw-book-cover](https://wpandlegalstuff.com/wp-content/uploads/2024/10/EUGDPRImage.jpg) - Author: [[Richard Best]] - Full Title: The “Not Affiliated” Checkbox and the GDPR - Document Tags: [[lawsuit]] [[Matt Mullenweg]] [[wordpress]] [[wpdrama]] [[wp engine]] ## Full Document [[Readwise/Full Document Contents/Articles/The “Not Affiliated” Checkbox and the GDPR.md|See full document content →]] ## Document Notes ## Highlights - here is a strong argument that the operator(s) of WordPress.org are subject to the GDPR in relation to their processing of EU residents’ personal data through WordPress.org. For example, there are localised versions of WordPress.org translated into the languages of some EU member states (e.g., [de.wordpress.org/](https://de.wordpress.org/)) and so services are being actively offered to EU residents, and the WordPress.org privacy statement appears to have been written on the assumption the GDPR applies. ([View Highlight](https://read.readwise.io/read/01jag9nztgpgs40w4e6c87hnpk)) - Requiring EU residents to click the “I am not affiliated with WP Engine in any way” checkbox amounts to the processing of personal data about those residents (and the login with this checkbox is appearing in European member states — I’ve checked). MM was asked whether the checkbox value is stored and he said no, but others dispute that (e.g., “‘it’s not being stored’ is bullshi[*], as logins get logged and a check is required for login, so it is being stored”). ([View Highlight](https://read.readwise.io/read/01jag9pkgde3b8wkdp17q74kx0)) - from the date the mandatory checkbox was implemented, every single person whose login screen has that checkbox and who logs into WordPress.org having clicked the checkbox can be taken to have clicked the checkbox and so, in this way, personal data is being processed. ([View Highlight](https://read.readwise.io/read/01jag9pxb15txevf48mc3b2zwp)) - There are six grounds which can be summarised as: • consent • necessary for the performance of a contract • necessary for compliance with a legal obligation • necessary to protect the vital interests of the data subject or another natural person • necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller • necessary for the purposes of the legitimate interests pursued by the controller or by a third party. ([View Highlight](https://read.readwise.io/read/01jag9q8aaa729myk0h1xty2xs)) - It is noteworthy that the owner/controller of WordPress.org is also the CEO of Automattic which is a clear competitor to WP Engine and a named defendant in the lawsuit in relation to which the checkbox is said to be a response. ([View Highlight](https://read.readwise.io/read/01jag9th5jd7cx8zav8zaafeye)) ## Full Document [[Readwise/Full Document Contents/Articles/The “Not Affiliated” Checkbox and the GDPR.md|See full document content →]]