speculatrix t1_j31l723 wrote on January 5, 2023 at 12:50 PM

Reply to comment by CatnipJ in The year-in-review trend is a reminder of just how much commercial surveillance these services run on us by CatnipJ

I wouldn't be surprised if the companies' appointed data protection officer actively wants to have these reports to justify data acquisition under GDPR rules.

Personally, I use them as a prompt to unsubscribe or delete accounts I don't want use any more.

CatnipJ OP t1_j31luhe wrote on January 5, 2023 at 12:56 PM

I have been pondering this point, and while I think there is a strong argument under Article 6(1)(f) of the GDPR for collecting this data as a legitimate interest of the company, I am stuck wondering about the legal reasoning for retaining the data so long.

The GDPR requires data to be kept only as long as necessary to achieve the purpose(s) of its collection. So, keeping all this data throughout the year just to create data visualizations? Seems sus -- to me. And I'd be interested in hearing from a DPO on how they justify the retention.

speculatrix t1_j31mhh5 wrote on January 5, 2023 at 1:02 PM

Indeed, this poses many problems and I too would like to know their justification.

And, surely, they should ask in advance if I even want to generate the report at all, because that of itself can effectively de-anonymise bulk statistics in creating a personalized report.