"Lawyering" on this list is pointless and will not get us anywhere. "I
think this would be compliant" and "I think this would not be compliant"
is meaningless when coming from a bunch of random engineers.
Give Canonical some credit. They're not going to go ahead with something
that they think will violate the GDPR, since that would obviously be bad
for Canonical, bad for Ubuntu, and bad for everyone else.
As a project, for legal matters, we defer to Canonical's legal staff to
make a final determination, because we have to make *a single
determination* in order to proceed with anything. This is the only
reasonable way to proceed.
I'm sure someone will disagree with any determination, because someone
always does. Law is subjective like that. But arguing on this list about
it is pointless.
Leave it to the implementors to check with Canonical legal and make sure
that the final implementation will be in compliance. The minutiae of
compliance is not a matter for this list. If you think the whole
principle would not be in compliance, then either they'll agree with you
and it won't happen, or they'll disagree with you and it will happen.
Whichever way, arguments amongst engineers on this list from a legal
perpsective will not make the slightest bit of difference.
Let's leave the legal stuff to the legal people, and focus on the
technical stuff here.