Nigel has an instagram account which is used for displaying numerous pictures of cakes, labradors and other such jolly bragging events.
This weekend along with 34 other ‘update your preferences’ emails received, all sent because of 20 years of non compliance,
I spotted the cheekiest, most rubbish attempt at a privacy notice ever, it happen to come from Instagram, owned by no other than Facebook.
It was vague and used every ‘lawful basis’ sat in the GDPR articles in an attempt to justify its rather creepy use of profiling of our pictures.
A privacy notice should be detailed enough for us to make a choice about whether we want to give our data to you, not suggesting that they are able to use the lawful basis of ‘in the vital interests of the data subject’ to process our holiday pictures!
This lawful basis is reserved for ‘life & death’ events, limited to organisations such as hospitals and ambulance services. There is not the remotest chance that they would use this lawful basis to attempt to pull the wool over our eyes and include it in the privacy notice.
I would love to see the justification for that lawful basis. Be GDPR smart, be specific, link a lawful basis with a product and be clear and not vague like the instagram lawyers draft.