Title: .A. ROCK CONCERT

This example shows that consent at the data collection level is difficult to refuse and that once data have been anonymised, control over the use of these anonymised data is lost. 

An organiser of a rock concert sells tickets on-line and the subjects must give name, address, age and billing information. After issuing the ticket and receipt of payment, the personal data are made anonymous. The organiser uses the anonymous data to calculate the average age of the visitors. The outcome is that the 64 % of the visitors are under 18. Consequently, the price of ‘breezers’ increases with 5 % because statistics have proven that 17- year- old children love these soft drinks…

In principle data protection law applies at the level of data collection: the data subject has to be informed of the purpose of profiling at the moment of collection if her personal data are used for the construction of the profile (see the discussion in section .A.3). The data subject could refuse that her data be used for such purpose, but then she may not get a ticket. However, as the construction of the profiles is based on data that are rendered anonymous, data protection law does not apply any more. Data protection will also not apply at the application level since the data subject is not identifiable at the moment of application.