Flattr subscribers make a voluntary payment from 3 USD/month, install the company’s browser extension which collects their browsing history, and then Flattr divides their subscription fee out among the creators and websites they spent the most time on.
I emailed Judith Nink, Flattr’s Data Protection Officer, in and asked whether it was strictly necessary to require subscribers to delete and create new accounts every month to have their old browsing data deleted. I also asked for tools to allow subscribers to delete their own data when there’s no longer any value to them in letting Flattr retain the data. Flattr only needs to know what websites you visit for the duration of the current subscription period to deliver their service. Judith Nink responded with promises of reduced data retention duration once the GDPR went into effect in .
Flattr may still retain aggregated data such as the total number of users who contributed to a domain within a certain time period for statistical and business purposes. This data isn’t associated or linked with user accounts, however. The new policy delivers better privacy for everyone and delivers on one of the GDPR’s core principles: privacy by design and default.