undefined | Better HN

0 pointsg-b-r2y ago0 comments

A pre-enabled checkbox is invalid for obtaining gdpr consent

0 comments

We are assuming here (incorrectly or not) that since no PII is transmitted or stored, the GDPR doesn’t come into play, and the consent is just asking for permission and not “gdpr consent”

Of course it’s impossible to actually transmit anything anywhere without including the source IP in the http header - a fact we are ignoring completely. But that’s similar to the topic of this discussion: Microsoft does exactly this under the same assumption, that non-PII data can be sent (even via http) without gdpr coming into play. Otherwise they couldn’t have it enabled by default. If there is a ruling that says otherwise then everyone will need to change.

It could also be that first party servers (Microsoft app talking to Microsoft servers) is acceptable and then everyone would route telemetry to their own servers.

g-b-rOP2y ago

I haven't checked how they handle it for VS Code, but you probably agreed to some term before using it, and they're probably relying on legitimate interest

My gdpr is quite rusty anyhow

j / k navigate · click thread line to collapse