CatnipJ OP t1_j31luhe wrote on January 5, 2023 at 12:56 PM

Reply to comment by speculatrix in The year-in-review trend is a reminder of just how much commercial surveillance these services run on us by CatnipJ

I have been pondering this point, and while I think there is a strong argument under Article 6(1)(f) of the GDPR for collecting this data as a legitimate interest of the company, I am stuck wondering about the legal reasoning for retaining the data so long.

The GDPR requires data to be kept only as long as necessary to achieve the purpose(s) of its collection. So, keeping all this data throughout the year just to create data visualizations? Seems sus -- to me. And I'd be interested in hearing from a DPO on how they justify the retention.

speculatrix t1_j31mhh5 wrote on January 5, 2023 at 1:02 PM

Indeed, this poses many problems and I too would like to know their justification.

And, surely, they should ask in advance if I even want to generate the report at all, because that of itself can effectively de-anonymise bulk statistics in creating a personalized report.