
Who’s sharing my data, and who the hell is Dave M. Rogenmoser? - gingerlime
https://blog.gingerlime.com/2020/whos-sharing-my-data-and-who-the-hell-is-dave-m-rogenmoser/
======
ianhawes
Dave Rogenmoser is the founder and CEO of Proof (YC W18).

Proof is an embedded script for displaying public conversion data (i.e. John
from SF just subscribed).

Martech companies like these guys are infamous for injecting their own
Facebook pixels for personal use. My guess is that at some point you visited a
site with Proof embedded and for whatever reason it fired a tracking pixel
assigned to Proof (and not the site you were on). Alternatively, and less
ethically, he uploaded a list of customers scraped from Proof to build his own
audience. Proof garners data about purchases, so it's possible Dave determined
you were an advantageous lead and added you to his list.

~~~
stevewodil
Dave also has recorded countless fake video testimonials pushing other
people's products. He's everywhere and uses different names. It seems likely
that at one point he was selling fake testimonials on something like fiverr

------
number6
Ok there is a misconception in here: legitimate basis is a broader term which
is defined in recital 47. E.g. "The processing of personal data for direct
marketing purposes may be regarded as carried out for a legitimate interest."
\- Sentence 7 of recital 47.

However ever data processing based on legitimate basis is to be checked
against the expectations of the data subject and its rights. This rational has
to be explained to the data subject in plain words and the data subject has
the right to object.

Also I am wondering, why are the recitals quoted and not the articles. The
recitals are in fact part of the GDPR with the same value as the articles, but
this is well, unusual.

~~~
gingerlime
> Also I am wondering, why are the recitals quoted and not the articles. The
> recitals are in fact part of the GDPR with the same value as the articles,
> but this is well, unusual.

Author here. I'm not a lawyer and my knowledge about GDPR is somewhat limited.
Admittedly just grabbed the first thing that I found without getting too deep
into it. Happy to update with more accurate references if it makes the point
clearer.

> Ok there is a misconception in here: legitimate basis is a broader term
> which is defined in recital 47. E.g. "The processing of personal data for
> direct marketing purposes may be regarded as carried out for a legitimate
> interest." \- Sentence 7 of recital 47.

> However ever data processing based on legitimate basis is to be checked
> against the expectations of the data subject and its rights. This rational
> has to be explained to the data subject in plain words and the data subject
> has the right to object.

I wasn't aware of it. That's interesting... do you have more info about the
"has to explain ... right to object" part in particular? this sounds a bit
like seeking explicit and informed consent though, right?

~~~
number6
Before the data is processed the data subject is to be informed in a manner
(explicit and in plain words) described in Articel 13 of the GDPR, which in
(1) lit. d sates:

"where the processing is based on point (f) of Article 6(1), the legitimate
interests pursued by the controller or by a third party;"

The rational behind this:

"The controller should provide the data subject with any further information
necessary to ensure fair and transparent processing taking into account the
specific circumstances and context in which the personal data are processed."
(Recital 60, Sentence 2)

The right to object is Articel 21 of the GDPR. I am not citing the whole
Articel here but it is worth reading however Sentence 2 of Recital 69 sates:
"It should be for the controller to demonstrate that its compelling legitimate
interest overrides the interests or the fundamental rights and freedoms of the
data subject."

------
mtnGoat
I learned the same lesson one day, what struck me was how many car lots had
uploaded my data. Literally hundreds of ford lots, from all over the US had my
info and had uploaded it. What use a guy from 3000 miles away, was to a car
lot, I have no idea.

Delete the list in Facebook and watch how fast it comes back.

I now have no Facebook account because if all this.

~~~
b_ocu
Do you think facebook is the only place that is getting your data?

~~~
mtnGoat
absolutely not, but this article was about facebook. i know there are many
other companies doing questionable things with data about me.

