|
|
|
|
|
|
by AndrewKemendo
1083 days ago
|
|
|
All personal data collection should be opt-in only So if you have data on someone that is attributable to their person, then the only legal way to store that is with the approval and consent of the individual who created it for the explicit and narrow purposes the data is being used for. So for example if you use any personal data for scoring in recommendation systems, then that specific use case must be agreed to by the user. If you use personal data to cluster people into affinity groups that are then shown different content than other groups, that explicit use case must be agreed to by the user. etc... The enforcement mechanism is simple: Attributable personal data that is found to be stored without consent must be: 1. Immediately deleted
2. All previous revenues derived from the data will be transferred to the user in question That rule + enforcement mechanism should put concrete boots on everyone collecting data. |
|
|