|
|
|
|
|
|
by Nextgrid
2109 days ago
|
|
|
A legalese wall or a banner saying "by using this site you agree to ..." is not GDPR-compliant anyway: https://ico.org.uk/for-organisations/guide-to-data-protectio... Under the GDPR, any non-essential data processing (analytics, ads, marketing, etc falls into that) should be opt-in and dark patterns like pre-ticked checkboxes are not allowed. |
|
|
This isn't strictly true. Consent is only one lawful basis for processing under GDPR, and it comes with a lot of strings attached that other bases don't necessarily have, which is why so many lawyers and consultants were recommending against relying it unless it was the only way during the mad rush to GDPR compliance a few years back.
In particular, even some of the regulators have themselves indicated that marketing might be a legitimate interest of a business. Obviously the details matter here, and handing personal data over to third parties like Facebook without their knowledge or consent seems materially different to, for example, the original business sending a relevant email about a new product that is related to something that the recipient already bought from them. Time will tell how the regulators decide to handle this.