For episode 48 of the c’t data protection podcast, Joerg and Holger decided, at the suggestion of a listener, to extensively clarify when data processing is permitted under the GDPR. The result is a matter of interpretation that is clearly excessively long. The time is well invested, because as a podcast guest, the lawyer Sascha Kremer, who specializes in data protection, explains the situation also for laypeople and uses many concrete examples.
The mantra of the GDPR is: Any processing of personal data is prohibited unless permission is given (“prohibition with reservation of permission”). What is allowed is regulated by Art. 6 GDPR, which defines the six possible legal bases. At the beginning of the list is the informed consent of the person concerned. Everyone knows them, for example through the cookie banners upstream of the websites. Companies don’t particularly like it because it can be revoked at any time. They prefer to refer to the permitted data processing in the context of the conclusion of a contract. This already takes effect during the initiation, for example when a potential customer puts products in the shopping cart of an online shop.
In the podcast episode, Joerg and Sascha Kremer pay special attention to Article 6, Paragraph 1f, from the permitted “processing to safeguard the legitimate interests of the person responsible or a third party”. Joerg calls this legal basis the “catch-all rule”. Kremer points out that this legal basis is often misunderstood: It is not just about the legitimate interests of the processor, but also about weighing the interests of the processor, the person concerned and perhaps also third parties. Therefore, under no circumstances can a license be constructed from this. Using examples, the three discussants cast interests on both sides and see when there is actually a “legitimate interest”.
180 pages of advice from specialist lawyers: What companies, associations and the self-employed need to know! With many FAQs, instructions, checklists and samples. On DVD: 60 minute webinar “Anatomy of an IT Disaster” – be prepared and master the crisis.
Here are all of the episodes so far: