Opt in, tune out, time’s up

Companies are getting themselves in a knot over new data protection regulations

The biggest overhaul of data privacy regulation in the history of the internet will come into force on Friday as businesses scramble to comply with the new rules. Photograph: Yui Mok/PA Wire

The biggest overhaul of data privacy regulation in the history of the internet will come into force on Friday as businesses scramble to comply with the new rules. Photograph: Yui Mok/PA Wire

 

One thing is certain. Unlike much of the legislation that comes to us from Europe, no-one will be able to say after this week that they are unaware of GDPR (the new General Data Protection Regulation). Everyone’s email inbox is brimful of solicitations from companies and organisations that hold our details , asking for permission to continue to do so.

The new rules come into force on Friday. Yet for all the hype, the planning and the millions of euro spent on advice from lawyers and data protection specialists, it would appear that confusion still reigns.

A central element of the new rules is to ensure that people actively opt in to you holding their personal details for future use rather than holding on to them by default, from often unrelated data gathering exercises and putting the onus on people to specifically request their data are no longer used.

Legitimate interest

For many companies and other organisations, a key consideration is whether they actually need to seek specific retention approval from those on their database. In general, certainly they do but there are a number of exceptions – most notably one of “legitimate interest”. For instance, you would presume that PR professionals would have a legitimate interest in holding email and phone contact details in relation to journalists with whom they engage in the course of their work.

So far, so clear. If you have a legitimate interest in contacting, you can continue to do so with confidence. And you do not need to contact anyone to seek their permission if you have a legitimate interest in retaining the data.

So you would expect that only organisations and companies requiring active opt-in would be contacting people on whom they currently hold data. That’d be logical.

But no. Several groups – including small business lobby Isme and the corporate regulator, the ODCE – have sent out mails offering people the opportunity to unsubscribe. That is, opt out. If there was ever a guarantee of confusing even those who are most familiar with the new rules, this is it.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
GO BACK
Error Image
The account details entered are not currently associated with an Irish Times subscription. Please subscribe to sign in to comment.
Comment Sign In

Forgot password?
The Irish Times Logo
Thank you
You should receive instructions for resetting your password. When you have reset your password, you can Sign In.
The Irish Times Logo
Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.
Screen Name Selection

Hello

Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
Forgot Password
Please enter your email address so we can send you a link to reset your password.

Sign In

Your Comments
We reserve the right to remove any content at any time from this Community, including without limitation if it violates the Community Standards. We ask that you report content that you in good faith believe violates the above rules by clicking the Flag link next to the offending comment or by filling out this form. New comments are only accepted for 3 days from the date of publication.