Our remarks

• If you refuse to provide information about the processing to the DPA on the basis that it constitutes a trade secret, then it may lead to an investigation or search.

• If there is a service where users can be created, you will almost always process personal data about these users, such as a username or an e-mail address, which as a clear starting point constitute personal data. Regardless of whether a username or an e-mail address in the specific case can be characterized as personal data, you will always process personal data in the form of users' IP addresses.

• You are a data controller for the personal data that users provide in free text fields. This is the case even if they are optional.

• The Danish DPA thinks that dating sites process sensitive information about sexual relations or sexual orientation by virtue of being a dating site.

• When basing your personal data processing on consent of the data subject, this consent can be given by the data subject ticking a box. However, you should pay attention to how your consent solution is designed. Here are some good rules of thumb:

  ° In the consent solution, user Terms and Privacy Policy must not be accepted by ticking the same box. Instead, they should be presented as separate options and thereby allow the user to make a choice.

  ° If both general and sensitive personal data are processed, the user must consent to these individually.

  ° If personal data is processed for multiple purposes, the user must also consent to these individually.
Complycloud EU GDPR Report