On 05/01/2022 18:36, Sam Kuper wrote:
On Wed, Jan 05, 2022 at 06:00:31PM +0100, John Fawcett wrote:
my understanding of the GDPR legislation is that it defines what is
considered lawful processing. One of those items that makes the
processing lawful is consent.
Not necessarily.
An action that would not be lawful without consent is not automatically
made lawful with consent, including under GDPR.
Correct there could be other reasons that make processing unlawful.
However, GDPR will allow processing if the data subject consents and I
think taht is what we are talking about in this thread.
If I send an email to a public mailing list I think it's fair to say
that I am providing consent.
Again, not necessarily.
First of all, consent cannot necessarily be assumed.
Correct that it cannot necessarily be assumed. But in this case I think
it would be fair to assume it when someone sends an email to a public
mailing list that consent has been given. I cannot see how having sent
an email to a public mailing list I can then object to people processing
it. Although it's not a question about GDPR, if I DID then change my
mind, I cannot see a technical way to enforce it.
Secondly, a person sending an email to a mailing list might very well
consent for the mailing list's recipients to receive the content,
subject, and reply address of that email - but *not* the IP address from
which it was sent.
Correct. That is why I mentioned as an alternative "request that your
users consent to the processing of the data".
Sam
