How would a company decide that something should be “legitimate interest” vs “consent”?

EDIT: Definition of “Legitimate Interest”, when hovering over the question mark.

How does legitimate interest work?

Some vendors are not asking for your consent, but are using your personal data on the basis of their legitimate interest.

  • sznowicki@lemmy.world
    link
    fedilink
    arrow-up
    4
    arrow-down
    2
    ·
    4 months ago

    It may not be a pure nonsense. It might be that according to GDPR the company is eligible for some data use but according to telecommunication law needs still consent to even send this data.

    Example: company X analyses their traffic on the backend by aggregating logs per user in a anonymised way because they want to know how many users in a given country uses their product Y. They can do it without any consent as the data is in their system anyway and it is a legitimate interest to know facts about their own product.

    Now they want to enrich this by tracking whether the user clicked a homepage banner or a footer link in order to open that product page. This tracking is made on the browser with javascript by sending an AJAX request with a click event. This is still valid for GDPR but not for telecom law that says (German example from TTDSG) you’re not allowed to send anything from a user device unless it’s required for service or you have consent.

    Then this kind of consent would make sense.

    In the OP example I go with bullshit though. It’s most likely pretending to be compliant while breaking the law.