(no title)
Guest0918231 | 5 years ago
Isn't everyone 'agreeing to everything' outside of the GDPR when they visit sites now, without the option of saying 'no'? Isn't everyone covered by GDPR being tricked into 'agreeing to everything' at the moment? Giving users the ability to disable the tracking aspect across all sites with one simple setting seems like a plus here.
> Any site doing this is breaking the law. Report them please.
Has any action been taken against a site for making their opt-out option more complicated than their opt-in option? Why try to regulate how millions of sites prompt users for consent instead of a few browsers?
> Because sites which track you don't want it. After all, they're the ones who invented "cookie banners"; and they could choose to get rid of them by just, you know, not tracking people. Yet they don't.
They didn't invent cookie banners, they added them because they were required by law. The same law could remove cookie banners and require the sites to respect a browser cookie.
chriswarbo|5 years ago
If there's no option to refuse consent, then it's not compliant with GDPR. In countries which implement GDPR (mostly EU countries, but I'm the UK and our law implements GDPR but we're no longer an EU member) those sites are breaking the law (that country's implementation of GDPR).
If you're talking about those in countries which don't implement GDPR (or equivalent), then yes; those people are generally not protected by EU law.
> Giving users the ability to disable the tracking aspect across all sites with one simple setting seems like a plus here.
I agree. Again, good luck getting surveillance companies to pay any attention, or prevent them implementing technically-legal workarounds: "Just a moment! We see you've opted out of our advanced partner network. You may be missing out on the latest tailored brand recommendations! Click here to opt back in."
> Has any action been taken against a site for making their opt-out option more complicated than their opt-in option?
Not as far as I'm aware (and I can't see any on https://www.enforcementtracker.com )
> Why try to regulate how millions of sites prompt users for consent instead of a few browsers?
1) Browsers aren't surveillance companies (OK, not all browsers are; e.g. I'm pretty sure lynx isn't meant to be spying on me).
2) GDPR is bigger than any particular technology. It seems reasonable to make some regulation like "The public considers your business model to be exploitative; from now on this requires explicit consent." It seems less reasonable make a regulation like "The technology/product/process/service you provide could potentially be used by others in these specific ways that the public does not favour; you must provide this specific mechanism/option/etc. in case it does get used for that purpose". It's not necessarily a bad idea, but it would be a pretty big ask. Even looking at the current situation, how would this handle apps? What about tracking pixels? What about scanning nearby WiFi network IDs? What about research or hobbyist operating systems? etc.
> They didn't invent cookie banners, they added them because they were required by law.
The intent of the law was to reduce the prevalence of surveillance-based business models. They've always had the option to stop. That would be the preferred option, for those who wrote GDPR, for members of the public who don't want to be tracked, for members of the public annoyed by popups, etc. They chose banners and, to a lesser extent, to gaslight the victims of their surveillance into thinking that GDPR required all these sites chose to break their own UX.
> The same law could remove cookie banners and require the sites to respect a browser cookie.
Again, it would be nice, but I imagine there would be an industry established overnight to provide opt-back-in banners, under whatever guise they can get away with.