← Back to context

Comment by csagan5

6 years ago

It could be argued that a similar violation is present (since March 2019) in Chromium for the Widevine CDM provisioning request, see https://github.com/bromite/bromite/issues/471

Basically all users opening the browser will contact www.googleapis.com to get a unique "Protected Media Identifier", without opening any web page and even before any ToS/EULA is accepted (and there is no user consent either).

3 comments

csagan5

Reply
dessant  6 years ago

I think the Widevine CDM request is needed for the service to function, though they could certainly delay it until a website requires DRM. GDPR allows the use of personal data without consent when it is required to provide a service for the user.

The personal data collected with the x-client-data header is not required for Google sites to function. Google uses the data to gain a technical advantage over other sites on the web, this is why the data collection in this case requires consent.

  • mokus  6 years ago

    Whether consent is legally required or not, as a user I want that service, whatever it is, to not work until I consent to the exposure of my personal data. Given that it apparently has something to do with DRM, I would be disabling the service anyway.

    • baybal2  6 years ago

      > Whether consent is legally required or not

      Lets not guess it, lets file a complaint, and see if we can get Google sued for n billions of euros.