Comment by labawi
6 years ago
Under GDPR you can use all the PII you reasonably need to provide expected services, you don't even need separate consent. But, if you have PII, the moment you use it for other purposes, or obtain/retain/share without proper cause, you are breaking the law.
IMHO, that is very reasonable.
Real world example - giving your phone number and information to your car mechanic / doctor / bank teller / plumber is reasonable. Using that information to score girls or ask donation for a puppy shelter would be considered improper.
I totally agree, and I think the GDPR is also reasonable in that it allows you to use the IP address for essential security reasons, such as blocking bad actors based on IP address - it doesn't say "thou shalt not track IP addresses", it says you need consent if you're going to use it for anything that isn't essential for security or in your end user's best interest.