The European Data Protection Board has provided an interpretation of when it is considered that a controller, or processor, monitors the behavior of individuals in the EU and their behavior that takes place within the Union.
Primarily, it should be noted that monitoring involves monitoring people via the Internet or profiling them in order to analyze or predict their personal preferences, behaviors, and attitudes.
Monitoring can take the form of:
– advertising, based on the person’s behavior,
– monitoring geo-location for marketing purposes,
– Personalized diet and health analytics online services,
– Market surveys and other behavioral studies based on individual profiles,
– Monitoring or regular reporting on an individual’s health status.
The European Data Protection Board also cites an example where a retailer, or a processor with an establishment outside the European Union, is processing personal data of data subjects who are in the EU in order to monitor their behavior within the Union.