• thr0w4w4y2@sh.itjust.works
    4 hours ago

    DPO here. Under GDPR (the European data privacy regulation), there are a number of “legal basis” definitions for why a company would process your data. The strongest bases are the performance of a contract or a regulatory requirement, and at the other end of the spectrum, a company can process your data if you consent for them to do so.

    There is a “middle” category of legal basis which is “legitimate interest,” which is for companies to process your data because it is their line of business to do so, or it is part of a reasonable business process to do so. Marketing is an example. So if you post on Reddit about a positive experience you have had with a manufacturer of PC components, that manufacturer might scrape your blog post, and add you to their CRM. They might know your email address from your LinkedIn, and they could associate that with your buying activity for example, to put you in a specific category of customer.

    These GDPR popups give you the perception that you can opt out of “legitimate interest” processing, when the reality is that there is no such right afforded to you under GDPR. Therefore the site is either relying on your consent but dressing it up as legitimate interest, or they are just wrong and using the wrong terminology.