ramboram|5 years ago
> It is allowed to sell personal data under the GDPR subject to receipt of consent for it from data subject and compliance with the rights of data subject even if it decided to exercise the right to object or the right to be forgotten.
Source: https://legalitgroup.com/en/gdpr-requirements-to-selling-of-...
takezo|5 years ago
I also came across this which was fascinating: ZoomInfo offers a free product that you have to connect with your email. Once you do, they scrape EVERY single contact in your email to enrich their database.
So, technically, it is YOU who has signed over your entire contact list data to ZoomInfo and agreed to their Terms and Conditions, which state that they can now sell YOUR DATA (your email and everyone else's in your contact list).
https://www.vice.com/en/article/y3zqbw/zoominfo-privacy-laws
ramboram|5 years ago
guitarbill|5 years ago
Where this falls down in practice can be clearly seen e.g. from UK's Information Commissioner's Office [0] (despite Brexit still one of the most readable English-language sources of the GDPR):
> Consent must be freely given; this means giving people genuine ongoing choice and control over how you use their data.
> Consent should be obvious and require a positive action to opt in. Consent requests must be prominent, unbundled from other terms and conditions, concise and easy to understand, and user-friendly.
> If you make consent a precondition of a service, it is unlikely to be the most appropriate lawful basis.
The way companies really get away with it is that the data protection agencies are understaffed, inundated, focussed on big targets, and the GDPR doesn't allow individuals to file suit.
[0] https://ico.org.uk/for-organisations/guide-to-data-protectio...