this post was submitted on 07 Sep 2023
863 points (91.3% liked)
Programmer Humor
19623 readers
96 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
IIRC the EU also ruled that burying the rejection options under additional links counts as a violation. Hence why Google now has a Reject button next to the accept button. Most sites still do that.
Do you know if there is a EU-wide place to report such behavior?
The biggest privately owned TV channel in my country not only does that, but actually just redirects you to a pdf file if you want to "manage cookies". And it's not like I can submit a complaint on a national level, as the ruling party's website uses google analytics without a cookie notice at all.
I think you report to your nation's Data Protection Centre, each member has their own that takes the reports. If I was still in the EU I would have put more time into finding out how reports work.
Yeah, either of the nation or your nation may have data protection officers for individual states/regions.
https://dataprivacymanager.net/list-of-eu-data-protection-supervisory-authorities-gdpr/
Here you can find the GDPR authority per EU country.
I mean almost all websites fall foul of that. You often have to bury deep and end up with a palette of complicated choices and acceptances of individual tracking companies. It’s a bloody mess. The EU should just have mandated “do not track” adherence. There’s already a standard; just enforce it.
Most sites definitely don't do this
There is also a name for these kind of psychological tricks and pressure. It's called nudging.
I found a small report on this by the EU Commission's science and knowledge service. https://publications.jrc.ec.europa.eu/repository/bitstream/JRC127856/JRC127856_01.pdf
There are surely even better resources.
Yeah this is very common, I don't know why other people on here are gaslighting like it doesn't happen. It's this way for major sites like YouTube/Twitter/Twitch/etc too. Hell even embedding a YouTube video on a site is violating GDPR. It's a good idea, but needs a version 2.0 patch to fix some exploits.
They're still widely used for some (illegal) reason
Because they rest safe in the knowledge that you rarely if ever get taken to court for it. There are millions of web pages, it needs people to take action to do something about it, and just clicking "Yes all of them" to access the content you were just trying to get to is a far better solution in most situations than hiring a lawyer and investing a few years of legal proceedings, nevermind the money.
There is an organization called nyob (I think) pushing back against that and going through the courts to have more sites penalized for their violations. The process is slow, but I see more and more pages adopting the required "reject all" so there seems to be some pressure on them.
even worse offenders are the ones with tick boxes for "Legitimate Interest", since legitimate interest is another grounds for processing (just ads freely given consent is one), the fact you got a "tick" box for it makes it NOT legitimate interest within the confines of the GDPR.
it also doesn't matter what technology you use whether its cookies / urls / images / local storage / spy satellites. its solely about how you use the data..
But what are they going to do about it?
"Here's a fine, if you don't pay it your site can no longer operate in the EU"
"... ok"
The EU is an important market for many websites, so yeah, that is usually what happens.
We're specifically discussing websites that refuse to load in the EU anyways as per the post
I understood the post as those webpages only refusing to load, if the user declines Cookies. So, they do still want to benefit off of those EU users, who click "Accept".
Ah, I think I misunderstood then.
Those pages can just fuck off. There are many more pages.
Of course that's just my opinion.
They found a way around: accept all cookies or pay 2€/months. And it was decied legal by GDPR authorities
Some national authorities allow it, most don't. The final word will be from the CJEU or the EDPB.
The what or what?
The EU supreme court or the EU data protection agency, roughly.
GDPR enforcement is left to the member states. The EDPB isn't an agency, its more like all the national data protection authorities in a trench coat.