Comment by raverbashing
5 years ago
I always read this as:
"Our European visitors are important to us BUT vacuuming all your data and selling to multiple bidders is importanter"
You wanna be obnoxious? Sure, go ahead, but I'll dislike your site more (and I have adblock so I have no qualms in accepting). Wanna pretend you're compliant by having an obvious non-compliant "solution" and think that will shield your responsibility? Now I'll just hate you and will probably bounce off your site.
They're serving you a web-page regardless. It probably isn't the data as much as they don't want to run afoul of EU law.
Breaking the law is generally considered a big mistake, and regardless of the stereotyping about businesses they can be pretty timid when dealing with governments.
Sure, I have more respect for the ones that 451 it than for the ones that pretend (very obnoxiously) to be compliant.
> Breaking the law is generally considered a big mistake
Except when it's about breaching the GDPR. In this case it's considered "business as usual" and Google and Facebook successfully get away with it.
But they are breaking the law.
"Accept/Ask me later" is in violation of the GDPR.
Exactly this. Every time I read about GDPR compliance, it feels like a very well-designed set of guidelines that are easy to follow ... IF you aren't stalking users. The complaints about it have the same tone as the Guild of Assassins complaining that laws against murder are really hard to comply with in their industry. Of course they are, and that's the point.
--------------
Hypothetical conversation with a Malicious Advertising Website:
MAW: Can I stalk my users without telling them?
GDPR: No, you must have consent to track users.
MAW: So I can assume I have consent because they're using my site?
GDPR: No, the consent must be explicit.
MAW: Got it, I'll put it somewhere in the fine print of the terms of service.
GDPR: Uninformed consent doesn't count. Fine print doesn't count as informing users.
MAW: Okay, so I'll have a banner with an obvious "accept" button and several hidden steps to opt out.
GDPR: Nope, it must be just as easy to retract permission as to grant it. If it's a single step to accept, then it must be a single step to reject.
MAW: In that case I'll have the "reject" button kick them off the site.
GDPR: Consent must be freely given, and having a service be conditional on consent is coercion. Consent to track may only be given as a gift, and not as an exchange.
MAW: WAAAH!! This is so hard!!
---------
Hypothetical conversation with a Non-Malicious Website:
NMW: I don't track any information about visitors to this site, and only serve non-targeted advertisements.
GDPR: Sounds good, go right ahead.
NMW: Say, I want to make a "To-Do List" site. Do I need to warn users that I'm going to remember the to-do items for them?
GDPR: Nope, no issue there. That's necessary for the service to function.
NMW: Huh, this is really simple.
MAW: Never mind, I'll identify users via browser fingerprinting.
GDPR: Browser-generated information was ruled personal data and falls under GDPR.
MAW: Just let me stalk my users without their consent, goddammit!
> Every time I read about GDPR compliance, it feels like a very well-designed set of guidelines that are easy to follow ... IF you aren't stalking users.
There's a difference between being compliant and being _in compliance_. There's a real cost to the latter. Why should sites that primarily serve non-European readers bother with it? The assumption that they don't because they're all greedily stalking users is a misguided, but popular, cynical take.
I'm not sure what the distinction is between the two. Is one of those having a verified system to ensure that you are compliant, while the other is merely being compliant but unprovably so?
It looks like a great tl;dr, but I'm not an expert on GDPR.
nice
It's a nice summary of the GDPR, and following this TLDR in good faith will get you in compliance (at least enough to avoid scrutiny from the regulator).
Except the GDPR doesn't work as sold.
More accurate to say "businesses don't do as told".
How so?
Not enough enforcement