top | item 22504014

(no title)

mstg | 6 years ago

Using Facebook for Business does not violate GDPR as long as it's stated in the privacy policy. Which for example Airbnb do mention (https://www.airbnb.com/terms/privacy_policy#sec201910_4).

Other situations where Facebook processes data sent by third parties to show relevant ads for said third party and not use the data to match for other ads is also legal under GDPR, since Facebook only acts as a data processor to act on behalf of said third party.

When ordering from Spreadshirt, you may be ordering from a partner that uses Facebook for Business and their privacy policy apply to you. This is also stated in Spreadshirt's privacy policy.

GDPR is not an umbrella protection for all type of tracking, even though it usually is brought up as such. It only makes sure you have insight in what is getting shared, a way to export, modify and delete said information. In shop/partner situations, you have to contact the partner to request deletion as the shop is not responsible after your approval.

I may be completely wrong, but this is my general understanding.

discuss

robin_reala|6 years ago

Just putting it in the privacy policy isn’t good enough. The general consensus is that unless you’re claiming another legal basis for your processing of data (which would be hard to argue here), consent needs to be informed, opt-in, and granular per usage. I don’t see evidence of that in this story.