The postman always delivers - but shouldn't repurpose data

Austria's postal service fined €18m for collecting political opinions & monetising the data

Trick question: is it legal for a national postal service to guess your political opinions from what they know about you, such as age and address, and sell that data for political marketing without you knowing?

OK, there’s no trick, of course it’s not!  It fails so many sniff tests and it’s a clear breach of GDPR which treats political opinions as ‘special categories of personal data’ which deserve such a high level of protection that the default position is you shouldn’t process them.

Gathering personal data in the first place is processing under GDPR, for which you need to identify which of the 6 legal grounds in Article 6 applies (in short the 6 are consent or necessary for one of legal obligation, contract, legitimate interests, vital interests or public authority).

Sharing personal data with third parties to do marketing for them or giving it to them to do marketing themselves is also processing under GDPR and you need to fit one of the above legal grounds to that processing – as well as comply with the rest of GDPR such as providing appropriate privacy notices so that the processing meets the lawfulness, fairness and transparency principle in GDPR.

But because political opinion data is a special category of personal data, you need to also identify which one of 10 tightly drawn additional legal grounds exists – none of which could apply here other than explicit consent.  From reports on this case, we don’t gather the Austrian national postal service asked each person for their explicit consent to do this.

The Austrian postal service was fined €18 million for this breach of GDPR and apparently intends to appeal.


Related Articles

Blog News & Awards
Keepabl is named to the RegTech100 2022

The fifth annual RegTech100 was announced today by specialist research firm RegTech Analyst. Regarding Keepabl’s inclusion, RegTech 100’s Director of Research, Mariyan Dimitrov says: ‘We’re delighted to welcome Keepabl into…

Read More
Blog
GDPR's global business impact, Brexit and our founder's story

Watch the video on Privacy Kitchen! We’re very grateful to Copenhagen Business School for the opportunity to share this excellent interview by their Associate Professor, Pedro Telles, for CBS’s students. …

Read More