Thanks, Rubens -- I don't agree with that interpretation. (I think you mean the Q&A memo Section 2, right?) See memo
here. Let me know if you meant the first or a different one.
It's exactly that memo.
Since you don't agree, does that mean that your organisation is willing to pay every GDPR fine contracted parties get from following your interpretation ? Because if you are unwilling to do that, then your belief in that interpretation is not rock solid.
What I can tell you is that this risk has been flagged by that paper, by the eco model and by internal analysis of some registries, all independently of each other; which means you will likely see a good number of contracted parties following exactly the path I outlined in order to mitigate this risk.
If you see things differently, get Europeans DPAs to put that in writing, and we are all good to go.
Rubens