Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Funding is a legitimate interest, it's at the very foundation of legitimate interests: companies need to make money to exist. "We need this to make money" is basically all they have to say - it's why Google/FB Remarketing, Cross-Network ID-Sync so all the networks have a unique ID of you when they talk to each other etc is still a thing.

The difference is that they now have to inform you that they are doing it, who is involved and who to direct requests for information / deletion to.



> Funding is a legitimate interest, it's at the very foundation of legitimate interests: companies need to make money to exist.

I think "legitimate interest" has a different meaning in the context of GDPR. I'm fairly certain about this, but you don't need to take my word for it: https://duckduckgo.com/?q=gdpr+%22legitimate+interest%22&t=h...

As I said: if your interpretation was correct (in this context) it would be a loophole so big it would make the rule meaningless.

> The difference is that they now have to inform you that they are doing it...

I don't think so. AFAIK the difference is they now need to make it opt in and voluntary.


> As I said: if your interpretation was correct (in this context) it would be a loophole so big it would make the rule meaningless.

That's my point - actually, not a lot has changed. There's just larger fines and more bureaucratic hoops.

It's why you still do see all kinds of tracking - but you'll now get information about it.


Did you try the search I gave you?


Yes, and I've also talked about this on multiple occasions with a lawyer friend who works in privacy law. A typical claim to legitimate interests would be for optimizing the website and ads on the website for example. It's so commonly used exactly because it's a very simple one-size-fits-all approach.

I have not heard statements going against this from any lawyers.


Was this a European or American lawyer?

I'm interested because my understanding has been most Europeans understood it the same way I did.


European, from Germany.


Wow.

Not saying I fully believe that explanation yet, but I'll try to find out more.

BTW and FWIW: I'm not the one downvoting you and I disagree with those who do.


> "It's so commonly used exactly because it's a very simple one-size-fits-all approach".

ICO says this [1] about choosing a lawful basis: "You must not adopt a one-size-fits-all approach. No one basis should be seen as always better, safer or more important than the others, and there is no hierarchy in the order of the list in the GDPR."

I think I'll stay clear of your lawyer advise.

[1]: https://ico.org.uk/for-organisations/guide-to-data-protectio...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: