← Back to context

Comment by al_borland

1 day ago

After-the-fact opt-outs are something I never trust. Most data selling is opt-in and requires the user to opt-out. It seems to me that when I submit the form, the data would be instantly sold and by the time I get to the opt-out form it’s too late.

If this isn’t how it works, I’d be interested to know. The whole idea of these opt-outs seem like smoke and mirrors to act good while still gaining the advantage from the dark pattern. The only way to truly opt-out is to not register or use a service at all. There really needs to be legislation around this.

9 comments

al_borland

Reply
hansvm  19 hours ago

That's how it worked the last time I bought a car. I submitted the opt-outs with the purchase paperwork, the ~sales~ data sharing agreements with 10k of the dealership's closest, paid friends were processed first, and I had no end of bullshit from a hundred companies I'd never interacted with previously.

  • chorizo  17 hours ago

    That sounds lawsuit worthy. If you submitted both sets of paperwork at the same time, a reasonable expectation would be for your opt-opt application to be processed first, otherwise it’s pointless.

1718627440  11 hours ago

The GDPR specifies that opt-outs are also retroactive, but of course we know that all corporations happily follow the law.

  • cassianoleal  8 hours ago

    You can’t un-sell data though. Sure you may ask nicely that the buyer doesn’t use it and deletes it, but at that point the cat’s out of the bag.

    • 1718627440  6 hours ago

      In praxis, yes especially if it has already left the jurisdiction.

      Disregarding that, laws don't apply to the first processing party only. If you keep data, that you got informed are not consented to anymore, it is the same as if you keep selling fenced goods.

      1 reply →

  • tardedmeme  8 hours ago

    Corporations seem deathly scared of GDPR, for some reason, while in reality it's enforced about as much as American antitrust (not at all).

    • tactlesscamel  6 hours ago

      Same goes for any "regulation" in the states. Gov't does their job only when it brings revenue in the $$$$$$ territory. Everything else is civil and ignored - even if it's promoting the sale of millions of protected information.

      Of all the reports I've submitted (evidence included) followups and fines have been issued to exactly 0 companies. Hell, Quadlock [phone mount company] happily acknowledged that their policy is to verify identity by requesting plain emails including photocopies of the credit card used for purchase and full state ID. Absolutely against regs.. who cares? Not the SCC nor the FTC.