[forapurpose]

> One of the requirements is that you inform users who you are sharing the data with. If you have a list of ~10 companies is allowed under GDPR, but a constantly change it list of 500 companies is not. The result massive consolidation.

Are you saying that GDPR puts a limit of between 10 and 500 on the number of companies you share data with, or are you saying that it's impractical to share a constantly changing list of 500 companies with the user?

The latter seems easy to do: Just create a webpage and keep adding the names of new companies. Email a link or the list to the user as needed. Do I misunderstand?

[PeterisP]

As the adtech data sharing usually doesn't fall under any other legal reasons that would allow you to use that data, you need to get consent for the new companies. If the user ignores your email and takes no action (doesn't opt in), you don't have their consent, and can't share their data with the new companies.

But IMHO that's the whole point, the legislation is a response to users saying that they don't really want such companies to exist - the business practice of taking my private data and sharing it to the world 500 companies will now require my explicit opt-in freely given consent (i.e no "we'll refuse service if you don't consent"). The expectation and intent of this law is that I and pretty much every one else will simply not provide that consent, and that business practice will become impractical and die out, as it should.