On 05/01/2022 18:36, Sam Kuper wrote:
On Wed, Jan 05, 2022 at 06:00:31PM +0100, John Fawcett wrote:
my understanding of the GDPR legislation is that it defines what is considered lawful processing. One of those items that makes the processing lawful is consent.
Not necessarily.
An action that would not be lawful without consent is not automatically made lawful with consent, including under GDPR.
Correct, there could be other reasons that make processing unlawful. However, GDPR will allow processing if the data subject consents and I think that is what we are talking about in this thread.
If I send an email to a public mailing list I think it's fair to say that I am providing consent.
Again, not necessarily.
First of all, consent cannot necessarily be assumed.
Correct that it cannot necessarily be assumed. But in this case I think it would be fair to assume it when someone sends an email to a public mailing list that consent has been given. I cannot see how having sent an email to a public mailing list I can then object to people processing it. Although it's not a question about GDPR, if I DID then change my mind, I cannot see a technical way to enforce it.
Secondly, a person sending an email to a mailing list might very well consent for the mailing list's recipients to receive the content, subject, and reply address of that email - but *not* the IP address from which it was sent.
Correct. That is why I mentioned as an alternative "request that your users consent to the processing of the data".
Sam