GDPR – scarier than you think

OK so maybe you never thought it was easy anyway. But some people labor under the mistaken impression that there are quick fixes or hacks.

• Just block any traffic coming from Europe!
• Just tell them using your service or scrolling counts as automatic consent!
• Just tell them they have to consent to your particular use of cookies to use the service!

Well, it turns out these quick and dirty fixes are much more dirty and quick than they are fixes.

• Just block any traffic coming from Europe!

A “Data Subject” within the law of GDPR is any legal entity (company or person etc.) that is subject to the laws and protections of GDPR, for instance a German citizen on vacation in New York, or a French company doing business in Alaska.

• Just tell them using your service or scrolling counts as automatic consent!

Recent updates to guidelines from the European Data Protection Board (EDPB) make clear that a service provider cannot assume that a user simply scrolling past a dialogue box stating a cookie or personal data use policy can be taken as consent.

• Just tell them they have to consent to your particular use of cookies to use the service!

Those same updates also clearly state that it is not acceptable to condition access to your webpage or service to their consent to your use of their data. That is you must comply with both the letter and spirit of the GDPR guidelines. That if you are relying on consent as your justification (of the six allowable legal justifications to collect data) then it must be clear and informed, specific and freely given.

ROWND can help with this by granularity identifying the pieces of data you are asking your users for access to, the purpose for it, and empowering them to truly own their own data. It’s their data, you’re just using it to help them, and if they don’t agree or ever change their mind, they simply change the settings in their ROWND access portal, with no action needed from you.