undefined | Better HN

0 pointspharmakom2y ago0 comments

Yeah and the Legal Basis will be something like “we need to track users to improve our services”

0 comments

6 comments · 2 top-level

seanhunter2y ago· 4 in thread

That's not a lawful basis under GDPR. There are only 6.[1]

(a) Consent

(b) Contract

(d) Vital interests

(e) Public task

(f) Legitimate interests

What a lot of companies are trying to do right now is weasel through under "legitimate interests" (eg a lot of scumbag seo-monkey websites have cookie consent dialogs stuffed with "legitimate interest" switches even though that doesn't work the way they think), but it's not clear that "improving my services at the expense of people's privacy" would pass the "legitimate interest" test if that ever goes to court. Legitimate interest requires them to pass "purpose", "necessity" and "balancing" tests. The "balancing" test in particular balances the companies interests against the interest of the user in maintaining privacy. Here's more about "legitimate interest" under GDPR.[2] it's not the get-out clause that people seem to think.

[1] https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-re...

[2] https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-re...

Nextgrid2y ago

It doesn't matter what the law says if it's not being enforced. Much more blatant GDPR breaches are still going unpunished, so do you really think they are going to audit every single website to make sure they comply?

troupo2y ago

Enforcement is a huge problem, that is true.

My hope is that with recent rulings against Google, Meta etc. we might see an improvement across the board. Like there's some improvement with reject buttons: https://noyb.eu/en/where-did-all-reject-buttons-come

seanhunter2y ago

Absolutely and I have to say one of the problems with the (vast) ambition of GDPR in tackling what is a huge problem is that enforcement is a massive undertaking especially when the (alleged) transgressors are these massive multinational corporations who have practically infinite resources to put into evasion.

pharmakomOP2y ago

How on earth do these HR companies that scrape LinkedIn and sell the data fall under GDPR? They claim to.

troupo2y ago

They are trying to present that as legal basis, and it's not.

j / k navigate · click thread line to collapse

0 comments