zlacker

[parent] [thread] 2 comments
1. darkno+(OP)[view] [source] 2020-04-21 17:59:45
As an end user, can you provide me with all of the event data you have collected about me? Or does Stripe help sites that integrate stripe.js to respond to data requests?

Ie, CCPA / GDPR says I have the right to see and correct it if I live in one of those jurisdictions.

replies(2): >>lmkg+M8 >>lrpubl+Ba
2. lmkg+M8[view] [source] 2020-04-21 18:47:35
>>darkno+(OP)
CCPA has a Right to Access like GDPR does, but it does not have a Right to Rectification.

Under both laws, if Stripe claims to be a Processor/Service Provider, then they have an obligation to facilitate sites using Stripe to respond to access requests. But they have no obligation to process those requests themselves. I think CCPA requires they direct you to the actual Controller, but that's one aspect of CCPA that has changed since December.

3. lrpubl+Ba[view] [source] 2020-04-21 18:58:50
>>darkno+(OP)
You could send a subject access request to dpo@stripe.com - it would be interesting to see how they respond if you share the unique identifier mentioned in the article.
[go to top]