Dave Rogenmoser is the founder and CEO of Proof (YC W18).
Proof is an embedded script for displaying public conversion data (i.e. John from SF just subscribed).
Martech companies like these guys are infamous for injecting their own Facebook pixels for personal use. My guess is that at some point you visited a site with Proof embedded and for whatever reason it fired a tracking pixel assigned to Proof (and not the site you were on). Alternatively, and less ethically, he uploaded a list of customers scraped from Proof to build his own audience. Proof garners data about purchases, so it's possible Dave determined you were an advantageous lead and added you to his list.
Dave also has recorded countless fake video testimonials pushing other people's products. He's everywhere and uses different names. It seems likely that at one point he was selling fake testimonials on something like fiverr
Ok there is a misconception in here:
legitimate basis is a broader term which is defined in recital 47. E.g.
"The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest." - Sentence 7 of recital 47.
However ever data processing based on legitimate basis is to be checked against the expectations of the data subject and its rights. This rational has to be explained to the data subject in plain words and the data subject has the right to object.
Also I am wondering, why are the recitals quoted and not the articles. The recitals are in fact part of the GDPR with the same value as the articles, but this is well, unusual.
> Also I am wondering, why are the recitals quoted and not the articles. The recitals are in fact part of the GDPR with the same value as the articles, but this is well, unusual.
Author here. I'm not a lawyer and my knowledge about GDPR is somewhat limited. Admittedly just grabbed the first thing that I found without getting too deep into it. Happy to update with more accurate references if it makes the point clearer.
> Ok there is a misconception in here: legitimate basis is a broader term which is defined in recital 47. E.g. "The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest." - Sentence 7 of recital 47.
> However ever data processing based on legitimate basis is to be checked against the expectations of the data subject and its rights. This rational has to be explained to the data subject in plain words and the data subject has the right to object.
I wasn't aware of it. That's interesting... do you have more info about the "has to explain ... right to object" part in particular? this sounds a bit like seeking explicit and informed consent though, right?
Before the data is processed the data subject is to be informed in a manner (explicit and in plain words) described in Articel 13 of the GDPR, which in (1) lit. d sates:
"where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party;"
The rational behind this:
"The controller should provide the data subject with any further information necessary to ensure fair and transparent processing taking into account the specific circumstances and context in which the personal data are processed." (Recital 60, Sentence 2)
The right to object is Articel 21 of the GDPR. I am not citing the whole Articel here but it is worth reading however Sentence 2 of Recital 69 sates: "It should be for the controller to demonstrate that its compelling legitimate interest overrides the interests or the fundamental rights and freedoms of the data subject."
I learned the same lesson one day, what struck me was how many car lots had uploaded my data. Literally hundreds of ford lots, from all over the US had my info and had uploaded it. What use a guy from 3000 miles away, was to a car lot, I have no idea.
Delete the list in Facebook and watch how fast it comes back.
I now have no Facebook account because if all this.
8 comments
[ 3.2 ms ] story [ 33.4 ms ] threadProof is an embedded script for displaying public conversion data (i.e. John from SF just subscribed).
Martech companies like these guys are infamous for injecting their own Facebook pixels for personal use. My guess is that at some point you visited a site with Proof embedded and for whatever reason it fired a tracking pixel assigned to Proof (and not the site you were on). Alternatively, and less ethically, he uploaded a list of customers scraped from Proof to build his own audience. Proof garners data about purchases, so it's possible Dave determined you were an advantageous lead and added you to his list.
However ever data processing based on legitimate basis is to be checked against the expectations of the data subject and its rights. This rational has to be explained to the data subject in plain words and the data subject has the right to object.
Also I am wondering, why are the recitals quoted and not the articles. The recitals are in fact part of the GDPR with the same value as the articles, but this is well, unusual.
Author here. I'm not a lawyer and my knowledge about GDPR is somewhat limited. Admittedly just grabbed the first thing that I found without getting too deep into it. Happy to update with more accurate references if it makes the point clearer.
> Ok there is a misconception in here: legitimate basis is a broader term which is defined in recital 47. E.g. "The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest." - Sentence 7 of recital 47.
> However ever data processing based on legitimate basis is to be checked against the expectations of the data subject and its rights. This rational has to be explained to the data subject in plain words and the data subject has the right to object.
I wasn't aware of it. That's interesting... do you have more info about the "has to explain ... right to object" part in particular? this sounds a bit like seeking explicit and informed consent though, right?
"where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party;"
The rational behind this:
"The controller should provide the data subject with any further information necessary to ensure fair and transparent processing taking into account the specific circumstances and context in which the personal data are processed." (Recital 60, Sentence 2)
The right to object is Articel 21 of the GDPR. I am not citing the whole Articel here but it is worth reading however Sentence 2 of Recital 69 sates: "It should be for the controller to demonstrate that its compelling legitimate interest overrides the interests or the fundamental rights and freedoms of the data subject."
Delete the list in Facebook and watch how fast it comes back.
I now have no Facebook account because if all this.