- cross-posted to:
- dach@feddit.de
- privacyguides@lemmy.one
- cross-posted to:
- dach@feddit.de
- privacyguides@lemmy.one
“Do Not Track” is a legally binding order, German Court tells LinkedIn::Landgericht Berlin gibt Klage des vzbv gegen die LinkedIn Ireland Unlimited Company weitgehend statt
I don’t mind “essential cookies”. Otherwise I would just configure my browser to not accept them at all.
But what really interests me is what “legitimate interests” are.
But in the end it’s not about the cookies, it’s about the tracking. The technique is irrelevant.
First off, INAL, and my data protection training pre-dates the GDPR.
Things like security, fraud prevention, but also direct marketing. In the sense of a shop you already bought something at sending you an email “hey we’ve got a new shipment and you bought these teas before so we think you might like this one”. The last one has to be opt-out, and indeed be direct, they can’t do “hey check out our parter stores and have you heard of Raid Shadow Legends”. Essential in that context would only be processing information strictly necessary to fulfil the contract, which would be more restrictive than IRL (where your tea guy indeed does remember what you like).
The data you collect has to be necessary for that legitimate interest, and you have to balance it against the consumer’s right to privacy. In a nutshell: If someone would complain, or someone reasonable (legal term :) wouldn’t expect you to use the data in the way you do, better get a lawyer.
Meta tried to argue that it covers all the tracking and all the advertisement they want to do “because we have a legitimate interest to earn money and the user wants a service and privacy doesn’t matter”, they ran against a brick wall with that one. Legitimate marketing in their case would be to tell you about their other platforms.