This story raised a few issues for me…
Firstly, the appeal to the status-quo, “standard for any business” to justify a practice. This sort of unthinking doing-what-everyone-else-does would maybe be OK if the status quo weren’t so awful, but in this case an anonymous app in a world of over-tracked technology should probably be using the status quo as an example of what NOT to do.
The issue of mergers and bankruptcy. I’ve suggested, in conversations over the last few years, that personal data should probably be considered by competition regulators when deciding whether mergers and acquisitions should be allowed. More broadly, I think we need better guidelines around personal data when the controller is liquidated. We’re (slowly) recognising that personal data isn’t like other assets. Data subjects have a stake in personal data that simply doesn’t exist in fungible assets like gold, or furniture or even some non-fungible ones like intellectual property. There shouldn’t be market in trading consent – It should be like a parking ticket, non-transferable, whether through acquisition or liquidation. Who is processing data is a fundamental part of a decision whether or not to allow that processing and if the who changes, then the consent is no longer meaningful.
A rare example of a scenario where someone might actually need to think of the children!