by bmcn2020 2064 days ago
If you're tracking a user in the EU, you need consent. The GDPR doesn't cover the 'how' -- just that it needs to be done. So, if there's tracking of any kind, you'll need consent.

Applies off site as well -- pretty much every cold email tracking software, like Yesware, is in violation of GDPR, since you didn't get the recipient's consent to track their opens and clicks.


Consent is one of the legal bases for processing personally identifiable information[1]. There are five more, among which "legitimate interest" can cover a variety of cases.

[1] https://ico.org.uk/for-organisations/guide-to-data-protectio...

Yeah, but "legitimate interest" implies that the processing is necessary (because it overrides your consent). In which context and what kind of analytics is really necessary? Analysis of the incoming channels? Understanding if there are some technical problems? Comparing engagement from different marketing solutions?

I'm working in that market and find that interpretation is quite difficult as soon as you have multiple actors around the table. Example: because recommendations from DPAs are not exactly the same, you may have different requirements of the same company from different countries' legal departments within the EU.

One interesting thing about consent under the GDPR is that users can later withdraw consent, and if that is your only legitimate reason, then you have to get rid of all the related data. It's best if you can show that there are multiple legal bases.