top | item 17152707

lordlarm | 7 years ago

The 'loophole' here would be the definition of 'legitimate interests', where businesses can defend not giving users a choice in many of these matters due to the activity being critical for the service to work or the business to survive.

I.e. Facebook _could_ argue that users would have to have their data collected and analysed, as this would enable them to sell ads which in turn is their core interest.

Another example could be automatic enrollment into newsletters or data collection/analysis with the option to opt out by going to settings. You don't _have_ to give users the explicit consent checkbox during signup if you can defend the activity by it being in your legitimate interests.

This article goes into more detail: https://medium.com/mydata/five-loopholes-in-the-gdpr-367443c...


tazjin|7 years ago

Somebody on Reddit posted a list of Tumblr's "partners" that they share data with by default: https://i.imgur.com/YCNvEMa.png

I'm finding it difficult to believe that they can come up with a "legitimate interest" for all of those that would also actually hold up in court.

BonesJustice|7 years ago

Good lord. I’m glad we’re finally getting the chance to see just how pervasive this problem is.

eli|7 years ago

I think those are just the members of the new IAB consent framework. This is how programmatic ads work, you "partner" with a bunch of ad networks and serve an ad from whichever is paying the most at that moment.

dmitriid|7 years ago

Twitter’s “partners” are the same (you can request a list from your privacy settings)

piokoch|7 years ago

Yes, and I think because of that 'legitimate interest' clause companies like Facebook will be allowed to work as usual.

I am not a big Facebook fan, but I understand that their business model relies on selling targeted ads, so they have a 'legitimate interest' to track their users, because otherwise they would have to go out of business - I don't think it should be possible to force someone to radically change their business model because of GDPR.

The interesting part is that GDPR is something that will be enforced at the country level, so each country might have a different interpretation of that clause, and I see that there will be competition among countries over who will offer a 'better' interpretation from a business perspective.

bjl|7 years ago

Actually 'my business model depends on it' isn't a legitimate interest. That clause only applies when the service itself relies on it (a real-time maps service requiring location data, for example).