“One Consent, Many Uses? Purpose Creep in Action”

A user gives their phone number to verify their identity (2FA). A month later, they get a WhatsApp ad from the same platform. No fresh consent.

📣 Do you think this is a legitimate reuse of data or a classic case of purpose creep?

💬 Jump in:

• Should businesses take separate consents for marketing vs. security use cases?
• How do you explain granular consent to a non-privacy person?

Let’s see how you’d handle this as a DPO or privacy consultant!