(no title)
miken123 | 2 years ago
How are you exactly going to submit it anonymously? Will it connect over Tor? Because if you just send it over your internet connection, it arrives with your IP address on the packets, which is PII, which makes it data processing of PII, which makes it require a legal basis to process. And it is legally uncertain that 'legitimate interest' is a valid ground for telemetry data, leaving only opt-in consent.
abigail95|2 years ago
Edit: It would also violate using any networks that transit such countries, because TLS and TCP handshake info might be PII too. I find that such a ridiculous position to have re GDPR.
1P already has consent from users for its apps to use the network to connect to their services.
They do not need an additional agreement ie opt-in consent. If they are collecting non-PII they can use the current opt out.
closewith|2 years ago
Yes, and this is the current situation with the US following Schrems II. Obviously, lots of companies are non-compliant as everyone is waiting for a diplomatic solution following the ruling against Privacy Shield.
> 1P already has consent from users for its apps to use the network to connect to their services.
They probably rely on the strictly necessary legal basis for network connections that are required to run the service. However, each purpose much have its own legal basis and you cannot bundle purposes. For example, you cannot gain consent to process given personal data for one purpose and then process it for another purpose.
Consent must be bound to one or several specified purposes which must then be sufficiently explained.