* Peter Gietz peter.gietz@daasi.de [2019-07-19 21:12]:
Getting consent from the user via "activate personalisation" sounds good and GDPR compliant to me as well, if the user gets informed that
"by pushing this button, I agree that the service provider stores my person related data (ID, affiliation, entitlements sent by my IdP, my IP address sent by my client, and my actions on this platform). Only if I want to receive emails from the service or if I want to be addressed by my name, I will add my email address and name respectively, but this is not needed for any other personalisation features like 'point me to the last document and its last page I read', 'my last searches', <include your personalisation feature here>, etc. Whenever I wish to, I may request to see and to have deleted all these data stored about me."
Sounds good!
I propose that we address this use case in more detail in our recommendation than it is by now.
If the service decides for trading personalisation features with name and email address it should make this also transparent. But we would not recommend such a trade in our recommendations.
+1
Thanks, -peter