|
|
|
|
|
|
by laksjd
3213 days ago
|
|
|
Clicking yes might not even be necessary: I recently went to a laywer-oriented event (IANAL) that discussed the GDPR and it had a cheerful talk about "Alternatives to Consent" The talk listed all the possible ways the law allows you to store/manipulate user data without requiring explicit consent... There are a shocking number and iirc they apply basically whenever you have a direct consumer relationship with some company. |
|
|
As I see it the most relevant processing conditions for companies offering a service and storing / processing data without gaining explicit consent are likely to be 6(1)(b) - Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract 6(1)(c) - Processing is necessary for compliance with a legal obligation
My understanding is that these are far from a blank cheque to store / manipulate arbitrary personal information. Specifically, the storage and use of data in question must be provably fundamental to either provision of the relevant service in (b), or meeting legal obligations in (c).
So yes, a company providing you a service will gain the right to store certain customer details demonstrably necessary to provide that service - say hosting your email. It won't however allow arbitrary use of such data to e.g. provide targeted advertising, since such use is not fundamentally required for performance of the service. This would require a specific opt-in (and from what I recall, a failure to opt-in cannot interfere with the provision of said service - not so clear on this however).