
I disagree with the GDPR "success story" part of your comment. So far it's backfired entirely. The goal was to provide users with more control, and (from the standpoint of such a user) to reduce relentless personal data harvesting.

That hasn't happened. What's happened is more annoying "we use cookies and track you"-banners all over the internet. As a user who doesn't use cookies, these damned things won't even go away and keep coming back. It hasn't given me more control. At all. If anything, it's made me more trackable on the internet (because now I'll have to use cookies to tell people I don't want their god damned cookies).

Online newspapers are the worst. "Here's a front page you can read, and maybe the start of an article, if you want more, you have to give us permission to track you -- or you can just fuck off". What exactly has GDPR solved here? Nothing. Before this nonsense, I could simply tell my browser not to accept cookies from these sites, and I could tell my plugins to ignore their tracking stuff. But at least I could read the newspaper without any hassle. Now all I get is more annoying popups and less content. Thanks, GDPR.

Yes, I'm being snarky. Yes, I know the idea of the law is pretty solid. But no, I'm not at all happy with the outcome.




Yea, I agree.

AFAIK GDPR does explicitly legislate against all that - dialogues should be "opt-in" and should include a simple "no" option, and that sites shouldn't "ban" you for not clicking "yes".

But unless EU actually starts delivering some hefty fines, the law is just a dead tree.


But if the site relies on cookies and localStorage and cannot work without it, "no" option is equivalent of "ban".

And it's their computer that allows the usage of cookies and localstorage. All modern web browsers have an option to disable them. It's technically stupid.


Nah, the equivalent is "using the website with degraded experience", not "can't read the article, we'll redirect you to the home page instead".


> But if the site relies on cookies and localStorage and cannot work without it, "no" option is equivalent of "ban".

This - unless I misread it - is flat out wrong for most of the cookie warnings I see.

There's no valid reason for a news site to need cookies or similar except for logins.

It can be proved easily by wiping cookies and verifying the site still works.


I think they're saying that a lot of sites use cookies instead of the web storage api to store the option on the dialog, meaning that even if the dialogues are opt-in, they won't work unless the user enables cookies.

Basically a fundamental misunderstanding of the difference between cookies and local storage on the part of the web developers of many sites; i.e. cookies are sent with every request, whereas localstorage isn't and these sites should be storing the option to not use cookies in the localstorage instead of cookies, and I think I'm repeating myself because I haven't had my coffee after taking a nap, but that's neither here nor there or anywhere.


> GDPR does explicitly legislate against all that - dialogues should be "opt-in"

That can't be a real part of GDPR, can it? I don't see how you can fine someone for shitty website design.


They should, in theory, fine websites that do install cookies before you give consent, or refuse to give service that doesn’t strictly require cookies (e.g. an article).


If the cookie only stores the preference to not show the dialog box, that should be GDPR compliant.


You should be using localstorage from the web storage API and not cookies. Cookies are sent to the server with every request. Local Storage is not.


How do you suppose the site makes money off their visits? To me what you want sounds like freeloading.


You seem to have no problem 'freeloading' HN.


They don't run ads to generate revenue. Most content sites do.


You can definitely put ads without deep profiling. They can even be relevant. Just advertise for fishing accessories in fishing articles. Or hardware load balancers on Slashdot. Why not? Better than serving me whatever someone in my family has looked at before (that is if I didn't have an adblocker for the past 10 years).


Probably most content people read does not easily translate to a product as in your fishing example. Generally, ads with no targeting are not very profitable.


My point was there can be targeting on content. Magazines have ads. Are they as profitable as privacy invading content? Maybe not but they're tolerable.


There are ads on the front page designed to look like content.


There are ads on HN (the "xyz is hiring"), and I suspect a non-zero number of articles posted/promoted to the front page are paid ads made to look like content.


The hiring ads are not external ads. HN is 100% a marketing and PR tool to generate good will amongst developers, and startup founders.

If it ever starts to not benefit ycombinator, then the site goes away.


Ok so how's that work for a news site? Don't they need some kind of tracking to get relevant info on what their users are interested in?


You can gauge user interest by, for example, counting page views. You don't need to fingerprint users, create a catalog of all articles they view, try to guess their interest in certain topics using "AI", and do all the other absurdity that they think they "need" to do now.


IMO you could just go to another site that doesn't. To each their own.


The law was not created to piss off the minority of users that do not use cookies or use plugins or extensions to protect themselves, the law is intended for all users to be informed and to allow them to protect themselves.

There are many people, like my father that don't even realize that his data was collected and sold behind his back, hopefully we get some fines soon so the websites implement the law right.

What I do if I really want to read a news article I will open it in a private window, accept that crap and close the window when done, but most of the time I will not read that website and go to ones that respect the users like European news websites.


> Online newspapers are the worst

Oracle. Here's July's Critical Patch Update page:

http://www.oracle.com/technetwork/security-advisory/cpujul20...

On my domestic ADSL line the cookie pop-up takes almost 10s to load. It presents 67 checkboxes to select from. There is no default selection, so this requires at least 3 more clicks (at least the non-obligatory cookies are grouped). Submitting the form takes another ~4s -- it even has a progress bar. (Thankfully they aren't using TLS so it's not quite as slow as it could be).

Earlier this summer this component was broken and I just couldn't use oracle.com.


Same for offline businesses. Go to a bank, they'll ask your consent for handling personal data ("It's a GDPR law"). If you don't want to sign, they won't do business with you. No bank will.

So, it's just one more paper to sign, and doesn't help the actual consumer. I would have expected more of "Don't send me any promotional/survey questions unless I opt in", or "Never share my data with 3rd parties, period".


> If you don't want to sign, they won't do business with you.

That's illegal. Consent to processing can not be a prerequisite for service. [0] (Otherwise GDPR would have no power, even in theory.)

If the processing is so important that service cannot be provided without it, or wouldn't be legal to offer, it's covered under Art. 6(1)(b), (c), or (f): performance of a contract, legal obligation, or legitimate interest of the business. Consent—Art. 6(1)(a)—is what you use when you just want the data but don't actually require it to offer the service.

Saying "Sign consent or go away" is saying "We could serve you without this, but we want it, so we're lying and saying we can't."

It seems like almost everyone has chosen this weird malicious non-compliance (maximum annoyance but without the compliance) as their GDPR strategy.

Maybe lawyers found a way to claim that left is right and up is down.

[0] Art. 7(4): https://gdpr-info.eu/art-7-gdpr/


Perhaps you should go read the thing, you might be positively surprised. The first thing you want is there, the second is a more complicated question. Sometimes some of your data is actually really needed, e.g. when required by the law. GDPR is a compromise: you have to state explicitly where the data is going and you better keep it safe, under the threat of a possibly hefty penalty.

This ^ is a shortened simplified statement. You can argue semantics or maybe that I'm just flat out wrong if you wish, but that'll mean you read the GDPR, a win in itself.


> What's happened is more annoying "we use cookies and track you"-banners all over the internet.

Not exactly. What happened on many sites is that along with that notification you are given an option to opt out of tracking and view crazy-long lists of partners with whom data is shared. So on those sites the user is given both choice and greater transparency. (Although I admit usually the choice is presented in such a way that it is easy to accept and difficult to reject - which is actually prohibited by GDPR.)

However on the other hand, as you say, there are sites which only give notification without giving any choice - which is also prohibited by GDPR. So I'd say the law is good, now we need to see it enforced and actually punish sites which do not follow it.


AIUI the "allow being tracked to gain access" is unlawful.


Apparently "allow being tracked to gain more access" somehow isn't. As far as I can tell that's what every major newspaper in Belgium is doing. I suspect they've got folks in their employ who speak legalese.

But then newspapers in Belgium are pretty horrible in general. They're exempt from paying VAT, even for content they sell online. Online-only news sites don't get this exemption and have to charge 21% VAT, so the entrenched newspapers have something of an unfair advantage there. But anyway, that's a different rant entirely. Just an illustration of their general scumminess.


Is it ok to say "you get a discount if you allow being tracked"? As a practical matter, these places need to earn money to exist, so either you get served ads or you pay directly. It's highly unreasonable to expect free service.


And the GDPR says "good riddance to you if you can only make money by tracking people without the tracking itself being part of your value to them".

Not all business models deserve to succeed.


IOW the EU is picking winners and losers in the market. If your business model is based on building models of user behavior and monetizing that, you will not be allowed to succeed. If your business model is based on holding a monopoly on the reproduction or display of entertainment, you will be allowed to succeed, at the expense of tech companies whose technologies might have otherwise made your business model obsolete.

The most likely outcome will be a distorted market in Europe and European tech companies becoming even less relevant and even less able to compete in other regions of the world.


Yes, it's codifying ethical standards into law. I take it you think the US banning slavery was overreach because it made certain business models illegal? You may disagree, but the basis of the GDPR is that privacy and control over your own personal data is a human right, so violating that right is no legitimate business model.


What? You can make money by charging people for it. Don't want to pay for newspapers for example? Without ads you can either pay up directly or not enjoy the publication.

I don't understand where this entitlement for free stuff comes from.


I don't know why you think I was advocating for free stuff. I was not. I'm happy to pay for content I want. It's what time companies should be doing instead of not charging, tracking invasively, and selling user data. If you can convince people to pay for your content then the market is telling you you don't have a viable business.


I think the issue with GDPR is that you can't deny service if they don't want to pay and don't want to be tracked. Iow, you can't ask them to pay if they don't want to be tracked. That's where the complaint about demanding a free service comes from.


I'm not sure I follow. How does the GDPR preclude paid access to content?


If you want to offer a free product to those who are willing to be tracked and don't care about ad personalization (such as myself) - you can't do so without also offering it for free to everyone else. You aren't allowed to ask the second group to pay if they want to use your product - thereby forcing them to offer it for free in a way.


You can serve ads without unsolicited harvesting of PII.



You may be interested in http://prebake.eu/ to block them.


"By using these filters, you are allowing sites to set cookies by default, without you first being notified, and are agreeing to allow the sites you visit to set cookies."

Does lack of interaction with a (blocked) cookie banner give implicit consent to be tracked?


No, since implicit consent is disallowed by the GDPR.


I'm a bit confused why the filter list's page says that then. I'm not sure why they need such a disclaimer, even if what it said was true.


The page is about the pre-GDPR cookie law, not about GDPR. Under the pre-GDPR cookie law, requiring an opt-out rather than an opt-in was allowed. Under GDPR, it is not.


The user I replied to has cookies disabled anyway, so that should not be an issue in this case.




