The purpose of the EU's General Data Protection Regulation was to effectively ban the ad-tech industry and its practices by annihilating the pretense that clicking "I agree" or loading a page that said, "You agree" was the same as consent for tracking.
https://boingboing.net/2018/01/09/information-controllers-galore.html
1/
Under the GDPR, service providers would be forced to only collect data for explicit, enumerated purposes that could be expressed in plain language, and could only share data with other entities after each one was explicitly approved by the user.
So if you operated a site that ran 50 trackers that harvested data that was passed on to hundreds of brokers who passed it on to thousands of other brokers, then each time you got a new user, you'd have to get thousands of permissions from the user.
2/
Each permission would have to be meaningful: you'd have to explain in simple language what you were doing and why, and even if the user opted out of that collection, you'd have to still let them proceed to the site.
The fact that users might just leave your site rather than saying "no" 2,000 times before being allowed to proceed was a feature, not a bug. It was meant to expose the sham of consent.
3/
Basically: "Obtaining informed consent to thousands of surveillance acts takes hours, so whatever you were getting by adding a line of 8pt grey-on-white type that said, 'By visiting this site you consent to our privacy policy,' it was NOT consent."
But ad-tech didn't get the memo. They started to put up "cookie walls" on their sites, pop-up boxes that basically said, "Accept our cookies or fuck off."
4/
That's not consent either, and the European Data Protection Board (EDPB) just published guidelines saying so:
https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_202005_consent_en.pdf
Also not consent: scrolling past a thing that says, "Please look at this dashboard and tell us which acts of surveillance you're OK with." A user who scrolls past that dialog should be presumed to have WITHHELD consent, not granted it.
5/
"Actions such as scrolling or swiping through a webpage or similar user activity will not under any circumstances satisfy the requirement of a clear and affirmative action”
On Tech Crunch, Natasha Lomas calls this "cookie consent theatre," and predicts new enforcement action, noting that "GDPR fines can scale as high as €20M or 4% of global annual turnover."
eof/
@pluralistic GOOD. Fuck ad companies and scummy data harvesting. Also fuck sites that basically on the day the GDPR came into law, were just like "OH OOPSIE we didn't get enough time to prepare so we're just going to lock out anybody who is covered under that until we fix it* sowwwyyyyyyyy" (*: they will never do so.)
