LexisNexis, which generates consumer risk profiles for the insurers, knew about every trip G.M. drivers had taken in their cars, including when they sped, braked too hard or accelerated rapidly.
Anonymization and pseudonymization are still considered as “data processing” under the GDPR—therefore, companies must still comply with Article 5(1)(b)’s “purpose limitation” before attempting either data minimization technique.
While truly “anonymized” data does not, by definition, fall within the scope of the GDPR, complying with the definition is so rigorous that a data controller should be extremely cautious before attempting to use anonymization as a way to circumvent the GDPR completely.
What about being an EU citizens prevents from from collecting any data on you? They’re still able to collect a lot of data.
They should confirm to gdpr rules. Ofc they can collect data, but they certainly can’t sell that personalized info to my car insurer, fi.
https://pro.bloomberglaw.com/insights/privacy/privacy-laws-us-vs-eu-gdpr/
GDPR is opt out, so you wouldn’t get any benefit until you complain. Plus:
Not really I must consent to an unambigious statement before data may be processed.
https://gdpr.eu/gdpr-consent-requirements/
Thats a bit too broad of a statement:
Source: https://www.morganlewis.com/pubs/2019/12/the-edata-guide-to-gdpr-anonymization-and-pseudonymization-under-the-gdpr