Since 25 May 2018, the provisions of the General Data Protection Regulation (GDPR) have been binding throughout the EU. The ePrivacy Regulation (ePVO) was originally intended to apply from the same date, but the legislative process remains delayed to this day. Nevertheless, online marketing must prepare for the ePVO supplementing the GDPR soon. It will mainly regulate the use of tracking software and cookies.
When may personal data be processed?
In principle, it must be ensured that personal data is processed only for the purpose specified when it was collected. As a rule, the person whose data is collected must consent to this. Whoever collects the data must therefore inform the data subject of the purpose and scope of the collection and point out that he can object to the processing of his data at any time. However, personal data can also be processed without the data subject's consent if a company can justify this by a legitimate interest. This applies only if the interests or fundamental rights of the data subject do not prevail. If the interests of the data subject are merely affected, this does not usually stand in the way of data processing. If personal data is anonymized or pseudonymized, data collection via various tools is more likely to be permissible. In contrast to pseudonymization, anonymization means that data can no longer be assigned to a specific person by using a key.
Double opt-in, GDPR, the obligation to provide proof, and high penalties: many buzzwords surrounding the GDPR are already familiar. In this article, DeSight Studio explains what data security means in online marketing.
Double-Opt-In as default
To obtain legal protection, the data subject should consent to the collection and processing of his or her data. With a newsletter registration, for example, this is the case only with double opt-in, where the registration is confirmed again by e-mail. Single opt-in, on the other hand, is much more susceptible to errors and misuse, because third parties can also enter a recipient who has no interest at all in the content. The data subject’s consent can only be given lawfully if he is informed by a GDPR You must also tell him in this way to whom the data will be made available. The GDPR also strengthens the right of the data subject to object to data processing. Data subjects should be able to exercise their right of objection as efficiently as possible. One-click solutions should, therefore, be preferred.
Integration of cookie hints