Comment by ChadNauseam
1 day ago
in what way is it malicious compliance? the law just requires you ask for consent. that’s exactly what companies do. some companies violate the law by asking for consent in a way that is misleading or incorporates dark patterns. but if the law says “you must ask for consent before you do X” and companies ask for consent before they do X, that is just compliance, not malicious compliance.
As an example of true malicious compliance, some companies intentionally add trace amounts of allergens to all their food, that way they can just claim that all their food contains allergens and not be at risk of being accused of improper labeling. but the intention of the law requiring accurate labeling was clearly not to get companies to add more allergens to their food. it requires a level of creativity to even think of complying like that. It requires zero creativity to think “this law requires user consent before tracking, so let’s ask for consent”.
Have you seen the 300 individual checkboxes you need to disable? Or the hoops that the advertising industry went through to claim that “Do-Not-Track” didn’t count for:
> In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02...
Article 4, Section 21.5
The malicious compliance is more that they all refused to add the one-click opt-out until a high-profile enforcement against Google brought them to heel.
that’s just noncompliance. and the one-click opt-out still implies one click, which implies the cookie banners
The "malicious" compliance came from the trick that accepting / opting-in was fast and almost instant, but rejecting / opting-out was a slow and arduous process, and it required lawsuits and fines [0] for companies to comply.
I found a website that lists all fines handed out for violating the GDPR: [1]
[0] Google fined €325 million by French CNIL for placing cookies without consent https://www.cnil.fr/en/cookies-and-advertisements-inserted-b...
[1] https://www.dsgvo-portal.de/gdpr-fines/gdpr-fine-against-goo...