Comment by kortilla
5 months ago
HN rants about it because it’s not a good solution. It identified a problem but caused an idiotic fallout (cookie banners) and failed to actually put in a framework to enforce that companies aren’t just lying.
5 months ago
HN rants about it because it’s not a good solution. It identified a problem but caused an idiotic fallout (cookie banners) and failed to actually put in a framework to enforce that companies aren’t just lying.
I agree but small stick to beat them is better than none.
I guess best solution would be usage of some proxy which intercepts these calls or provide fake data to them. As op in the article did.
> failed to actually put in a framework to enforce that companies aren’t just lying.
That's not true. I work in an European company and we were contacted by the agency to give a complete list of partners that we use, reasons for why it is justified, which routines we have for deleting old data etc.
I guess in theory we could have lied and made up data, but only an idiot would risk lying to the government. Everyone at my company took it seriusly and tried to provide as accurate data as possible. There were also several follow up questions that had to be answered.
The mindset of lying to the government to "protect" your employer seems so far fetched. Why should an employee lie to the government? If it turns out that the company was in violation of GDPR the worst case scenario for the company is a fine. If the government finds out you are lying, the employee faces jail time. The trade-off is simply not worth it.
Maybe it's easier to lie to the government in some countries, but not in my country. The government agencies actually checks and verifies your claims.
The lie doesn’t have to be intentional. All it takes is a really simple accidental debug logging flag to collect what amounts to a GDPR violation.
The point is that no effort was made to implement a technical solution to protect privacy. So it’s upsettingly trivial to violate the GDPR unknowingly and any company that is even a little unscrupulous (of which there are hundreds) can easily ignore the law.
> The point is that no effort was made to implement a technical solution to protect privacy.
And you want the government to do that?
Why haven't the companies who at every turn shout how privacy conscious they are haven't done that?
It's now been 8 years of GDPR. Why hasn't the world's largest advertising company incidentally owning the world's most popular browser implemented a technical solution for tracking and cookie banners in the browser? Oh wait...
1 reply →
I've been seeing cookie banners on European websites long before GDPR was a twinkle in some Brussels bureaucrat's eye.