|
|
|
|
|
|
by lucideer
1251 days ago
|
|
|
IANAL but I don't think that's what's happening here: the gp was referring to circulation figures. DOS-protective measures need insight on individual bad actors but only derived aggregate figures are needed for circulation. That's not something covered by GDPR in any way - it's extremely explicit in defining what types of data points relating to "natural persons" it covers. |
|
|
1. Collect data for DOS-prevention purposes.
2. Analyze it afterwards in aggregate for advertising purposes.
Except you can't do #2 without turning #1 into "collect data for DOS-prevention and advertising purposes", which goes beyond your legitimate interest in collecting the data.
I agree that #2 should be allowed if you'd do #1 anyway, but this isn't how the GDPR works.