I can't see court in the EU ruling in favour of the employee on this specific topic.
More likely the GDPR notice is to remind people about customer data. Which is fine, that's the right thing for Tara to do. However any company using a Tara-like solution for putting customer data on would be in the wrong. That sort of practice would have failed PCI DSS even before GDPR was a thing.
That's nothing to do with my employer having my name.
- You can ring the employer up and receptionists will readily hand this information over
- Many companies host AD off site
- Business cards
It trivial to find the names of people who work in a team because it's leaked everywhere and for everything.
I guess maybe, just maybe, if you happened to work in a sensitive industry (eg secret services) then there might be a claim here, but no such organisation would host that kind of development content off site in the first place. So it's a moot argument.
The reason Tara publish their GDPR statement is very clearly regarding customer data. Arguing about names and email addresses of customer facing project managers massively misses the point of what GDPR exists for.
