undefined | Better HN

0 pointsdogma11385y ago0 comments

No but it’s a valid business model.

It’s not upto the DPAs to regulate things at this level just like you could run an astrology service and collect PII to give people readings, astrology is horseshit but you won’t run into issues with GDPR if you request users to give you their birthday and email to get spammed with BS on a daily basis.

0 comments

alkonaut5y ago

> you could run an astrology service and collect PII to give people readings

Processing or possibly even keeping a birthdate for an astrology newsletter is clearly a legitiamate interest for the subscriber of that newsletter.

> but it’s a valid business model.

What is? Showing ads to provide a service is a valid business model yes. Showing tracking ads or blocking those who don't accept the ads - no.

But "I need to show the ads to keep the lights on" is NOT a legitimate interest to the visitor. The reason for handling the personal infrmation needs to be a hard requirement to provide service itself. Not merely part of the "business model". You cannot set up a separate service (paid subscription) and argue that because that other service exists, your ad-funded service deserves special exceptions from the GDPR e.g. that it can show ads which are tracked or else users are blocked. It's pretty clear in the regulation that "cookie walls" aren't allowed, just like pre-checked/assumed consent isn't.

dogma1138OP5y ago

Legitimate interest as defined in the GDPR isn’t that of the user, it’s that of the business.

You can provide users with a binary choice, as long as it’s all or nothing and the free service and paid service are separate it’s acceptable.

alkonaut5y ago

Legitimate interest can be for anything (user, business, society as a whole) but it's still highly questoinable whether sharing peoples PII for ads alone is a legitimate interest (It's not clear it isn't either - the text is deliberately vague). What's clear is that you can't show people "by entering you accept to". You have to show them an opt out and if they opt out they need to get a service that is as good as if they opt in. Binary choice shouldn't help - if that has been a judgement it's very dubious imho.

1 more reply

j / k navigate · click thread line to collapse

0 comments

alkonaut5y ago

> you could run an astrology service and collect PII to give people readings

Processing or possibly even keeping a birthdate for an astrology newsletter is clearly a legitiamate interest for the subscriber of that newsletter.

> but it’s a valid business model.

What is? Showing ads to provide a service is a valid business model yes. Showing tracking ads or blocking those who don't accept the ads - no.

dogma1138OP5y ago

Legitimate interest as defined in the GDPR isn’t that of the user, it’s that of the business.

You can provide users with a binary choice, as long as it’s all or nothing and the free service and paid service are separate it’s acceptable.

alkonaut5y ago

1 more reply

j / k navigate · click thread line to collapse