Sexual Orientation Data

Information concerning an individual's sexual orientation, classified as a special category of personal data under GDPR Article 9 and sensitive personal information under CPRA. This includes explicit statements about sexual orientation, as well as data from which orientation can be inferred, such as same-sex partner relationships, LGBTQ+ organization memberships, or dating app usage patterns. Processing this data receives heightened protection due to significant discrimination and harm risks. Under GDPR, processing is generally prohibited unless exceptions apply (explicit consent, manifestly made public by the data subject, vital interests, etc.). Under CPRA, consumers have the right to limit use and disclosure beyond purposes necessary for expected services. Organizations should: minimize collection of sexual orientation data, implement strong security controls, carefully consider necessity and legal basis, conduct Data Protection Impact Assessments for processing involving this data, and be particularly cautious about inferences from other data points. Historical discrimination against LGBTQ+ individuals makes robust protection of this information especially important.