How do client blacklists work with gdpr?

@kuba

@kuba
Examples (multiple because I expect the answer might differ):
a) "we don't serve these people" in a butcher shop
b) "these people cannot attend our performances" in a theatre,
c) "these people cannot buy anything from us" for an online retailer.

(Motivation for the question is nbcnewyork.com/investigations/)

@robryk tough question. I suspect there's no general answer. I guess it depends mostly on the purpose of such blocklist and it's proportionality to the importance of that purpose.

@kuba WDYM by purpose? Isn't purpose in all cases "nor serving a person we desire not to serve"?

@robryk uh, maybe I'm mixing purposes with legitimate interest here. Legitimate intrerest has to be more abstract, like "ensure physical safety of our staff" or "make sure our clients feel safe" or stuff like that. If they're processing facial recognition results without consent, they have to have a legitimate intetest.

Follow

@kuba I'm wondering about the case of processing someone's name or photo (that's shown to staff), because e.g. this fellow is too troublesome to serve. (Does gdpr make this qualitatively different from doing face recognition to do the same thing automatically?)

Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.