
> If the data you are gathering is a legitimate interest (for marketing, or whatever)

Calling marketing a legitimate interest is a bit of a grey area. The ICO says that by relying on legitimate interests (i.e. not gaining consent) they need to be weighed against the impact they have on the user's privacy and own interests.[0]

So if you are showing first party ads and you aren't collecting more data than is necessary (e.g. anonymised IP address, browser, a list of articles/products the user has viewed) you are probably fine. But if you start linking this with any personal data (e.g. full IP address, email address, date of birth) or intend on sharing it with a third-party you need consent.

[0] https://ico.org.uk/for-organisations/guide-to-the-general-da...



Yes, I totally agree with that assessment. In this context, it's hard to think of a legitimate marketing purpose. Potentially you could do something like record the IP address and if the person comes back put up a banner saying, "I've noticed you were here before. If you pay $X per month, you can skip all the third party ads". That would be legitimate interest I think (you would still have to do something to allow them to object like putting on a button that said, "Never show me this again"). I can't think of any legitimate reason for passing on personal data to a third party, as you say.

Edit: Now that I think about it, the Guardian does exactly that... Probably why I thought of it LOL.



