this post was submitted on 25 Apr 2024
372 points (98.2% liked)

Privacy

31975 readers
740 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
372
submitted 6 months ago* (last edited 6 months ago) by [email protected] to c/[email protected]
 

I never consent to give my data away or being tracked, but how do you deal with so called legitimate interest? I tried several times to untick them but it is a long list (in fact at the bottom there is a "vendors" link with even longer, much longer list. It took me 10 minutes to get to the bottom of it once).

My questions:

-how can we trust these so called legitimate interests when they are self defined by companies whose business model relies on your data?

-how can we find out what these legitimate interests are and what data it collects?

-are such companies controlled in any way?

-is this kind of consent form compliant with EU gdpr? (normally opt out is to be as easy as opt in, and there is no "refuse all" for these so called legitimate interests).

-what are your strategies against such sites tracking you? Or am I just being paranoid?

The sheer amount vendors is daunting, the Internet really turned into crap

Edit: when clicking Preferences at the bottom the content of the legitimate interested is spelled out for each vendor, so this replies one of my questions.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 6 months ago (2 children)

This is the exception to prove the rule that the other interests are definitely illegitimate. This is the website telling you that they give away your data for illegitimate purposes.

It's not a surprise. We knew this was true. But seeing it's spelled out like this is a little galling.

Illegitimate: not authorized by the law; not in accordance with accepted standards or rules

The website is basically admitting that they're using your data maliciously, intentionally, by having this distinction.

[–] [email protected] 7 points 6 months ago (1 children)

While you’re right conceptually, this isn’t what the wording means in terms of consent dialogs. Legitimate interest means they can assume, legitimately, that you have an interest in aspects of the site (by you being there) that require X cookies, basically. Ie their product is providing functionality they can assume you’re interested in just by being there, and they’re “pre approving” the tracking/storage for that functionality.

I concur that it’s rubbish and used almost always in a manner that reeks of illegitimacy.

[–] [email protected] 1 points 6 months ago

That's not quite what it means. Legitimate interest is a term from the GDPR, and is one of the legal bases on which a company may process your personal data. Essentially the company has a "legitimate interest" (i.e. reasonable purpose) for which your data must be processed.

Typical examples of legitimate interest are: fraud prevention, direct marketing, or ensuring network/information security of their IT infrastructure.

The rest of your comment is essentially correct though. Notably, the examples above are not exhaustive: legitimate interest is fairly vaguely defined. And there is a process in the GDPR to object to your legitimate interest claim. This has resulted in essentially all data collection companies claiming a generic legitimate interest on your data, and it's up to you to object to all of them individually. This undermines the general "you must opt in to tracking" principles of the GDPR, but until privacy agencies of the EU get around to some enforcement that's how it is.