Do you think it's possible to politely ask them on twitter to change? Maybe as a group?
Some even make it slow to accept, or reload to a homepage after submitting, instead of back to the original page. It just doesn't make any sense to me. But apparently people just accept it as the way the internet is nowadays.
If you are talking about this and not malicious reloads that make giving a consent harder. (I haven't seen that latter and the former doesn't bother me.)
The Data Protection Authority are underfunded and understaffed. They try the best with their resources.
There are way too many people that tolerate absolutely pathological software vendors for trivial reasons. Don't be part of the problem.
Obviously authorities can’t follow up on every small player here, so the key is to make an example by imposing some extremely large fines on some large companies.
Anyone who sees it should think “whatever we risk losing by losing 99% ad revenue is better than THAT”. Preferably sanctions should include personal sanctions on decisionmakers but I’m not sure if that’s possible as the regulation works now.
It needs to be made a proper criminal offense so that investigators have the tools they need. An efficient way to go about this could be to find one of the companies that supplies these dark pattern services (sells cookie gateway services), demand lists of their customers and verify that they indeed used that product - and fine all off them off the face of the internet.
This site here e.g. does it: https://www.spiegel.de/
imprint is still reachable, but if you want to read this news site you'll have to allow all the tracking crap.
They call it Nudging.
I might translate this to a proper blog post in English.
Both via legitimate interest and consent.
Now a lot of sites play tricks to make the reject/out-out a hard deliberately choice. (Which IS a violation of the GDPR, of course.)
In the large majority of websites, Google Analytics fires even before the cookie banner, and the banner is only used to inform you that by continuing navigation you are accepting to be tracked.
Yes, this is illegal. But not enforceable.
[1]: there are devs selling websites for 500 dollars/euros.
Look I need money, you want me to track users at each step, record ip and browser information(and extra), and log that into a database even if you haven't hit submit? Okay.
I don't agree, but my son needs to eat. My day job sucks, I'm in a never ending spiral, I'll code anything you want. My passion is far gone.
If you disagree, I actually agree with you, it shouldn't be this way, but this isn't the net of the 90's, I need side cash and my son is hungry.
To summise, I'll break every rule, or find a work around necessary to keep my family up, and I hate it.
I love the internet, hell it made me who I am, but until browsers become serious about user security, it's not going to happen.
https://twitter.com/LetMeReject/status/1366473613709365257?s...
Thanks to everyone supporting this. We changed the world a little bit.
If you think this format has potential please follow @LetMeReject.
Why can’t regulatory bodies set up automated flows and tools to handle this at scale? Don’t need to catch every case but they should be able to massively scale the complaints process for this.
Based on the lack of any real regulatory action under GDPR, I’m guessing regulators would prefer not knowing who’s breaking the law since they aren’t actively enforcing GDPR (for better or worse).
These accept-only 'consents' do the same type of trolling. Sometimes they even say on top of that that by using the site you accept their use of cookies. (Which is OK, as long as they only use essential, e.g. session cookies, but a lot of the time it's not the case.)
That might well not be a problem, depending on how the configuration and setup of Google Analytics was done in that case.
From https://www.cookiebot.com/en/google-analytics-gdpr/
- turn on IP anonymisation
- don't send personal data
- don't send pseudonymous identifiers
- I add: tell GA to not set cookies and to not track the user (IIRC it's "storage" set to "none" and "storeGac" set to false)
If one does that when the user's not opted-in to "analytics" or "tracking", that ought to be enough to satisfy informed consent, no? The site is then just tracking page views, with no personal information or cookies to fly around.
If the user then opts-in to analytics then the site's code could well send more pseudonymous data to Google Analytics, with the user's consent, as well as tell GA it's fine to track the user around the site using a cookie or whatever other means.
Same goes for the setup for Adwords or similar: it's all in the hands of the website, and so long as things are configured to not track the user, it might be fine.
If a site's livelihood depends on showing ads to users, it doesn't mean that the user has to opt-in to ads. They ought to opt-in to being tracked by the ad provider.
So, configure _that_ -- no opt in? No tracking. Opt in? Tracking, remarketing, retargeting, what-have-you.
It's all about "playing safe" and _not_ tracking when the user's not opted in.
Many sites instead do it the other way around, and do it all until/unless the user's opted-out.
And even then, I wouldn't hold my breath that they're really doing it.
Some are, or at least try hard to.
The GDPR strictly requires an explicit opt-in. So it's reasonable to assume that clicking on 'X' is a rejection. But some website do not accept that as a rejection.
Does that break the law?
In this case, only by consenting to the cookies I could have access to those links.
Only 'I agree' and 'See more' which leads to other dead-ends.
