The European Data Protection Board has provided an interpretation of when it is considered that controller, or processor monitors the behavior of individuals in the EU and their behavior that takes place within the Union.
First of all, it should be noted that monitoring involves monitoring people via the Internet or profiling them in order to analyze or predict their personal preferences, behaviors and attitudes.
It states that monitoring can be in the form of:
– advertising based on the behavior of a person,
– monitoring geo-location for marketing purposes,
– Personalized diet and health analytics services online
– Market surveys and other behavioral studies based on individual profiles
– Monitoring or regular reporting on an individual’s health status – video surveillance through the camera,
The European Data Protection Board also cites an example where a retailer, or a processor with establishment outside the European Union, is processing personal data of data subjects who are in the EU in order to monitor their behavior within the Union.