... there are plenty of reasons for businesses and public sector bodies to process the data they hold about you, without needing your consent. These are where the processing is necessary for:
- performing a contract with you, or to take steps at your request before agreeing a contract;
- complying with their own legal obligation(s);
- protecting yours or another person's vital interests (to save your life, basically);
- performing a task in the public interest or in the exercise of their official authority;
- their 'legitimate interests' (or someone else's), except where those interests are overridden by your legitimate interests or your fundamental rights which require protection of personal data.
The General Data Protection Regulation lists other non-consent grounds apply where your personal data is more sensitive: relating to criminal convictions and offences or related security measures; or where it reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership; or it is genetic or biometric data for the purpose of identifying only you; or data concerning health or your sex life or sexual orientation. National parliaments can add other grounds in local laws.
These non-consent grounds for processing are all pretty reasonable - and fairly broad. So, if you don't have the right to process my personal data on one of those grounds, why would I want you doing so?
This would seem to herald a new era in which the Big Data behavioural profiling/targeting/advertising model begins to decline, in favour of personal Apps (or open data spiders) that act as your agent and go looking for items in retailers' systems as you need it, without giving away your personal data unless or until it is necessary to do so...
No comments:
Post a Comment