Five Russian oil refineries set ablaze, four airfield strikes, a Lukoil offshore rig ablaze in the Caspian Sea – all in one night – noisily contradicted Trump’s claim that “Ukraine has no cards.”
DPO here. Under GDPR (the european data privacy regulation), there are a number of “legal basis” definitions for why a company would process your data. The strongest bases are the performance of a contract or a regulatory requirement, and at the other end of the spectrum, a company can process your data if you consent for them to do so.
There is a “middle” category of legal basis which is “legitimate interest,” which is for companies to process your data because it is their line of business to do so, or it is part of a reasonable business process to do so. Marketing is an example. So if you post on Reddit about a positive experience you have had with a manufacturer of PC component, that manufacturer might scrape your blog post, and add you to their CRM. They might know your email address from your LinkedIn, and they could associate that with your buying activity for example, to put you in a specific category of customer.
These GDPR popups give you the perception that you can opt out of “legitimate interest” processing, when the reality is that there is no such right afforded to you under GDPR. Therefore the site is either relying on your consent but dressing it up as legitimate interest, or they are just wrong and using the wrong terminology.
I think they enable it by default by want to cater to more privacy conscious people by allowing them to opt out, which is nice if what you say is true that they shouldn’t.
Off topic but wtf is a ‘legitimate interest’ and why do I have to untick each one individually
I think ublock origin hides that for me (might need to enable cookie notices lists if it doesn’t).
DPO here. Under GDPR (the european data privacy regulation), there are a number of “legal basis” definitions for why a company would process your data. The strongest bases are the performance of a contract or a regulatory requirement, and at the other end of the spectrum, a company can process your data if you consent for them to do so.
There is a “middle” category of legal basis which is “legitimate interest,” which is for companies to process your data because it is their line of business to do so, or it is part of a reasonable business process to do so. Marketing is an example. So if you post on Reddit about a positive experience you have had with a manufacturer of PC component, that manufacturer might scrape your blog post, and add you to their CRM. They might know your email address from your LinkedIn, and they could associate that with your buying activity for example, to put you in a specific category of customer.
These GDPR popups give you the perception that you can opt out of “legitimate interest” processing, when the reality is that there is no such right afforded to you under GDPR. Therefore the site is either relying on your consent but dressing it up as legitimate interest, or they are just wrong and using the wrong terminology.
Epic reply, thanks!
I think they enable it by default by want to cater to more privacy conscious people by allowing them to opt out, which is nice if what you say is true that they shouldn’t.