LexisNexis, which generates consumer risk profiles for the insurers, knew about every trip G.M. drivers had taken in their cars, including when they sped, braked too hard or accelerated rapidly.
Anonymization and pseudonymization are still considered as “data processing” under the GDPR—therefore, companies must still comply with Article 5(1)(b)’s “purpose limitation” before attempting either data minimization technique.
While truly “anonymized” data does not, by definition, fall within the scope of the GDPR, complying with the definition is so rigorous that a data controller should be extremely cautious before attempting to use anonymization as a way to circumvent the GDPR completely.
Not really I must consent to an unambigious statement before data may be processed.
https://gdpr.eu/gdpr-consent-requirements/
Thats a bit too broad of a statement:
Source: https://www.morganlewis.com/pubs/2019/12/the-edata-guide-to-gdpr-anonymization-and-pseudonymization-under-the-gdpr