Hacker News
by abigail95 1147 days ago
That would make any EU company running a server in a country without an EU data processing treaty illegal, because the IP address would be in the TCP handshake.

Edit: It would also violate using any networks that transit such countries, because TLS and TCP handshake info might be PII too. I find that such a ridiculous position to have re GDPR.

1P already has consent from users for its apps to use the network to connect to their services.

They do not need an additional agreement, i.e. opt-in consent. If they are collecting non-PII, they can use the current opt-out.

1 comments

> That would make any EU company running a server in a country without an EU data processing treaty illegal, because the IP address would be in the TCP handshake.

Yes, and this is the current situation with the US following Schrems II. Obviously, lots of companies are non-compliant as everyone is waiting for a diplomatic solution following the ruling against Privacy Shield.

> 1P already has consent from users for its apps to use the network to connect to their services.

They probably rely on the strictly necessary legal basis for network connections that are required to run the service. However, each purpose must have its own legal basis and you cannot bundle purposes. For example, you cannot gain consent to process given personal data for one purpose and then process it for another purpose.

Consent must be bound to one or several specified purposes which must then be sufficiently explained.