Most GDPR emails unnecessary and some illegal, say experts


I thought this might be something timely for the Radar… :smile:

“if the business had consent to communicate with you before GDPR, that consent probably carries over, and even if it doesn’t carry over, there are five other reasons a company can cite for continuing to process data.”


I think this is a strange statement, because if this were valid, change would not be possible.
Before GDPR we were forced to give consent to all the trackings and datamining in apps and in browser.
We are in conflict with a Dutch newspaper group about this. We paid for the digital newspaper. Yet they do not give the opportunity to opt out for certain non functional cookies and spies like Facebook Pixel. You have to give consent to the whole bunch of data miners otherwise you can’t read the newspaper app. While before we never got that pop up with the request to give our consent. They just spied in secret. iTunes does not give a list of spying features before installing an app. Sometimes apps in iTunes have a link to a privacy statement, but not always. Android showed a list of spying features before installing the app, but untill now you had to swallow everything otherwise you could not install the app. Just what the newspaper group does today and that’s not allowed anymore according to GDPR. They should give us the choice to opt out for certain cookies. So I don’t agree with the statement above.


As I read the news article, consent that was already in-line with GDPR still qualifies. Other “consent” does not.

So, the newspaper saying that you had to accept their whole lot of tracking in a take-it-or-leave-it way is not in line with GDPR, so their doing that before does not qualify now. Thus, they do not have your consent, and they need it to continue sending you emails.

But if you signed up voluntarily for an email list (such as getting notified of activity here at, you don’t need to re-consent because the original sign-up was in a manner that is valid enough under GDPR.

To put another way: those cases that were already doing the right thing pre-GDPR have consent that still applies now.


A lot of people would like things to be exactly the same as before… I recently had a bit of a row with a chap who was supposed to be an ‘expert’ who was trying to make out that just putting ‘is it ok if we send you emails’ was enough to comply with GDPR. It isn’t which eventually he did admit, but not until after he’d already told a room full of business people the opposite.