879
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 03 Oct 2023
879 points (97.9% liked)
Technology
59205 readers
2752 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
Well, now we'll see if the EU finally pulls its head out of their ass and clarifies that no, "consent" gained this way isn't "freely given", or if they legalize the practice and make GDPR even more of a joke.
Various DPAs have taken different positions on this, unfortunately encouraging this practice.
You make it sound as if the EU is bad at this, while they are at the absolute forefront of fighting for our rights in several different categories.
I seem to remember that it's already there - the consent or lack thereof cannot be the basis for denying service.
It's unclear and as I said, some privacy regulators are saying it's OK. Hence the need for clarification.
There has already been multiple rulings under the GDPR where pages made it too hard to reject processing of personal data.
Google was forced to change their consent banner to make it easier to decline.
GDPR explicitly says that it must be as easy to decline as it is to accept. Paying €14 per month is not as easy as not paying €14 per month.
Consent is also not "freely given" if paying is the only way to avoid consenting.
Unfortunately, due to lack of clarity (and lack of clarification), many DPAs (privacy regulators!) have explicitly declared the "pay with data or money" model OK.
Google may have been one of the very few cases where a meaningful fine was given. For almost everyone else, blatantly breaking the law paid off big time.
Yeah, you're right, it seems many of these sites are getting a free pass, and reaping she benefits... Eventhough it's obviously not allowed by the GDPR.
They're doing plenty, what are you talking about?
GDPR has turned into a joke due to lack of enforcement (partially due to Ireland serving as a "privacy violation haven"). For years saying "no" to tracking required many clicks, and I don't know of any companies that received penalties that would exceed the extra profit they made from that. Even blatantly illegal schemes where not agreeing locked you out of the web site usually didn't get punished.
Many sites still don't get proper consent, and also check out what many consider under "necessary" or "legitimate interest" cookies/tracking that you get after you said no. In hindsight, breaking the law was the only smart thing for sites to do, and many did.
Then, this bullshit. GDPR and the original explanations were pretty clear that the intent was to ban this kind of "agree or pay" scheme, and here we are. Of course they'll do it, because they win either way. Either it's considered legal, or there are no meaningful consequences...
This is not the only thing where the EU moves at a snails pace, ignoring that industry is making a joke out of well intended regulations. Many praise the EU for making Apple adopt USB-C. What they miss is that the attempts to standardize chargers started in 2009, when most manufacturers, Apple included, promised to agree on a standard, and then the EU let Apple dance on their nose flying loopings though loopholes for 14 years. That's right. Apple introduced Lightning after they were supposed to standardize, and the EU let them.
The Irish DPA must be so incredibly corrupt.