(In reply to Luke Plant from comment #0)
> This bugzilla uses a suse.org SSO service that requires a long list of
> personal data fields to create an account, including address and phone
> number. For most of them I was able to enter '-' to pass validation, phone
> number was harder (I put a fake one in), but I should never be asked, they
> certainly shouldn't be required fields.
> 
> Also, the sign up page has a "I'd like to receive emails from SUSE to stay
> up-to-date on products, services, news, and promotions Privacy Policy " 
> which is pre-ticked.
> 
> All of this is against GDPR principles - I do not need to enter any of this
> info to report bugs.

You are not using the correct form for creating the account

Use the correct one, which does not have those issues

https://www.suse.com/selfreg/jsp/createOpenSuseAccount.jsp?target=http://www.opensuse.org

I don't know how I got to the original form, but it was definitely only though following links from this bugzilla and following instructions after that. When I try again, I get a form with fewer fields.

*** Bug 1130278 has been marked as a duplicate of this bug. ***

> You are not using the correct form for creating the account

One cannot possibly know which is the correct one. Read below.

> I don't know how I got to the original form, but it was definitely only though following links from this bugzilla and following instructions after that. When I try again, I get a form with fewer fields.

All login links redirect to login.microfocus.com and obviously one will register through that portal if one has no account.

This is incorrectly resolved as "Fixed".

Also bug#1130278 is incorrectly marked as duplicate of this one. It overlaps part of it but not the part which says:

> Also it is not necessary a 3rd party site (microfocus) to collect the data.

There is no clear info how one can request limitation of data processing as per GDPR in the sense:

Erasure of all unnecessary data (which is not needed for writing in forums or here) and the data shared with microfocus.

Please kindly review this and provide the proper tools for personal data control (in the hands of the user) as GDPR requires.

Thank you George for arguing that one for me, I didn't have the motivation myself :-)

Something more: It seems impossible to change personal data which is displayed in bugzilla. I have just edited my personal info through the microfocus.com account and the changes are not reflected here. Practically there is no way to control personal data.

Raising the severity to major. This is definitely against GDPR because the personal data is not in control of the user.

(In reply to George - from comment #6)
> Raising the severity to major. This is definitely against GDPR because the
> personal data is not in control of the user.

This is wrong place for this. And you assigned the bug to yourself... so what do you expect to happen? I'm only commenting because I noticed by accident and want to be helpful (I have nothing to do with GDPR anything). The place to report any GDPR requests or comments is via

https://www.suse.com/company/legal/

> And you assigned the bug to yourself... so what do you expect to happen?

As you can see I reported another bug which was marked as duplicate of this one. I have not assigned anything to myself.

And yes, I have already contacted the legal departments of SUSE and Microfocus.

https://progress.opensuse.org/issues/49880 had been created related to this report.