Have you ever heard the saying, "if you don't pay for the product, you are the product"? This is especially true in the digital age, where entities often offer free services in exchange for personal data. For example, insurance companies may offer discounts if customers agree to share personal data. But is this practice compliant with GDPR?
The GDPR allows conditioning service on receiving personal information only if an alternative offer that does not require consent has been made available.
Regulators have investigated this practice and recently, the Polish court changed the decision of the Privacy Protection Authority, ordering to reconsider if receiving a free service in exchange for personal data is against GDPR.
The ruling referred to an advertising campaign by PZU that offered free insurance in exchange for parents' consent to process minors' personal data. Customers were not informed about an alternative option of insuring their children for a fee without consenting to data processing.
The court suggested informing customers about alternative options before presenting a free service.
A similar discussion was held at the German Antitrust Authority regarding Facebook's practice of not properly informing users about the analysis of their profile through cookies and data collected through the service.
Facebook offered to use their site free of charge in exchange for personal data, treated as a kind of "commodity." Facebook was forced to amend its terms and conditions.
If you offer free services in exchange for personal data and want to comply with GDPR, inform customers about alternative options for the service, even in the absence of consent to personal data processing. Remember, GDPR ensures that personal data is protected, and consent should be given freely, without coercion or undue influence.
Comments