Comment by robin_reala
8 years ago
Actually, if you’re in the EU then GDPR makes that explicit: consent for the use of collected data must be tied to granular functionality. You can’t now collect data and use it for indiscriminate purposes.
8 years ago
Actually, if you’re in the EU then GDPR makes that explicit: consent for the use of collected data must be tied to granular functionality. You can’t now collect data and use it for indiscriminate purposes.
I think (keyword think) you have that a bit mixed up. additional functionality using the same data is fine. But you cannot collect data without a specific use case. "Future features" might be a legit use, but then people should be able to opt out.
I don’t believe you’re right (though I’m welcome to be proved wrong). Assuming the consent basis, GDPR requires that consent needs to be for a given set of data and a defined processing model. You can’t process the same data in a different way without getting new consent, and you can’t collect data indiscriminately. So saying “additional functionality using the same data is fine” is true if and only if your original consent was wide enough to include that additional processing, but consent needs to be “granular” at the same time. Tbh it’s all a bit up in the air at the moment until some case law happens. Also obviously if you’re using a different basis then none of this applies.