Continuing the discussion from GDPR - new user data law, May 2018. What is your plan?:
We’re going to have more and more of these discussions as the deadline approaches, because every time we think we have a plan, someone new joins the conversation and asks a question we have not yet considered.
Case in point, I’ve linked to the thread on “Make a Plan” above which is great. We (Community Managers) are thinking of GDPR in terms of data security and opt-ins etc. and most of us should have a plan already.
However, I have not seen a discussion on the question of “Legitimate Interest” use of lots of other data that is available to us.
Here’s a scenario:
A member joins our community, opts-in to receiving email and accepts our TOS which includes disclaimers about being able to know what data we hold on them and to delete this if they want to leave. We don’t sell the data or unfairly repurpose their private information for marketing purposes.
However, two months down the line, we want to increase the overall engagement levels within our community and we want to convert regular readers who have not yet posted to the site (i.e. lurkers) to take that ‘one small action’ to get them involved, and we think that getting them to add a photo to their profile would be a simple and effective way to do that.
Is the targeting of these members via the data matching of read/post/photo stats on their profile a Legitimate Use of their personal information? We are not selling them anything or giving the information to others, but we ARE targeting them individually.
Is this sort of creative data usage, even just for engagement activities or reporting, a valid use of personal information? Would this sort of activity, or even this kind of analysis, fall under the GDPR rules?