Read on Twitter
1. Good piece on where business is up to on #GDPR & personalisation: linkedin.com/pulse/personal… However, #ePrivacy Directive sets out cookie consent req unless "strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested"
2. There is significant EU case law on "strict necessity", as well as some on "explicit" & "specific" consent. It does not really suggest a "take-it-or-leave-it" rather than opt-in approach to additional "services"/"intrusions" (depending on your perspective) is OK/"debatable".
3. Rather it strongly points to such an approach being NOT legally OK. That may be inconvenient to #ecommerce & even v silly on the part of #EUDataP. However, those factors alone cannot change the meaning of v specifically crafted law, albeit law widely bent (or ignored) online.
4. Another issue is that personalisation v often leads to processing of sensitive data eg "concerning" health or sex life or "revealing" (not necess. intentionally) philosophical beliefs or political opinions. As the techniques become more far-reaching the more likely this is.
5. The sensitive data regime is a core part of #GDPR & its central aspect is to disable vires like "legitimate interests" or contractual necessity. So to be legal #ecommerce will almost always need specific explicit freely given rescindable consent. Inconvenient but still true.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
