Gregory's Server@davidculley @kuketzblog I am not a lawyer and this is clearly a tricky situation. But I am pretty confident that under the GDPR a company does not have to ask for consent for anonymous product telemetry that does not contain personal details. Mozilla’s telemetry collection practices are sound and tested and from past experience I know that they will never collect anything that can tie the data back to an actual person.
|
10 comments
@st3fan EU-ePrivacy Directive Article 5 Translate this to English:  @davidculley Oh they speak from a “TDDDG” perspective. Is that something Germany added on top of the GDPR? @st3fan It’s not GDPR, it’s the ePrivacy Directive. TDDDG is the German national implementation of the ePrivacy Directive. Important (and violated) is Article 5, sentence 3. @davidculley I am not a lawyer. But I am really not sure if that section means what you think it means. @st3fan It’s not what I say. It’s what privacy experts and their lawyers say. I just read their blog. @st3fan Besides, it says: > is offered the right to refuse such processing How can I refuse if the telemetry is sent as soon as I open the app, before I can even go to the settings menu and change opt-out to opt-in? The telemetry was already sent without me being able to refuse. So I don’t think I misunderstood it. @davidculley I don't know. I am not a layer and I definitely don't know the German situation well. I do think it is complicated and somewhat ambiguous. It seems the TDDDG specifically applies to the Telecommunications and Telemedia industry? And it mostly talks about websites and cookies. Is a mobile app part of that? Or would K-9 fall under the BDSG, which seems to use the same definitions as the GDPR around classification of personal data and when consent needs to be asked? |
@davidculley @kuketzblog Should they have implemented opt-in? Yes 100% given all the other controversial situations they are in. But there may not have been a legal reason in this case.