finestructure,
@finestructure@mastodon.social avatar

If you’re angry about EU regulations because of cookie banners then malicious compliance has worked on you.

dfyx,
@dfyx@social.helios42.de avatar

@finestructure If there's one thing I've learned from this thread it's that nobody has actually read the EU GDPR but everyone has strong opinions on why it's bad based on the assumption that what websites do is actually compliant.

finestructure,
@finestructure@mastodon.social avatar

@dfyx Yup. I've launched a site as the went in effect and Legal (of a large German energy company) approved it, so I'm pretty confident that we did the right thing. (Also, it wasn't a terrible banner like we see everywhere).

I think I've read (the relevant?) parts of the GDPR at the time but god knows I wouldn't swear on anything I did more than a week ago, if that.

soc,
@soc@chaos.social avatar

@finestructure It's crazy how many replies under your post are a case of "you are exactly what this post is talking about", without them realizing it.

finestructure,
@finestructure@mastodon.social avatar

@soc It's glorious, isn’t it? I had no idea I'd laid such an amazing honey trap 🤣

finestructure,
@finestructure@mastodon.social avatar

@soc I mean look at all this RAGE! Now channel it! NO NOT THERE!!1!

MacBalance,
@MacBalance@mstdn.games avatar

@finestructure I think the California ‘Prop 65’ notices are somewhat similar. According to a recent 99% Invisible the intent was that manufacturers would reformulate products but instead the answer was often to just label everything.

finestructure,
@finestructure@mastodon.social avatar

@MacBalance I don't know about Prop 65 but it sounds like the typical: 100% of attempts not made will fail. Not even trying just serves the status quo.

ppatel,
@ppatel@mstdn.social avatar

@finestructure And what has the EU done after this malicious compliance? Were the regs adjusted?

engravecavedave,
@engravecavedave@mastodon.social avatar

@finestructure I recommend this browser extension to anyone ever

https://consentomatic.au.dk/

dfyx,
@dfyx@social.helios42.de avatar

@finestructure I'm angry because stricter regulations would have prevented many of the dark patterns we see in banners right now:

  • require standardized automated way to reject all (i.e. DNT header)
  • require a "reject all" button that's as accessible as "accept all"
  • make those "buy subscription or accept tracking" popups illegal (they are all fake, you can still reject)
  • if I can reject "strictly necessary cookies", they are in fact not necessary and should not be called that

Paxxi,
@Paxxi@hachyderm.io avatar

@dfyx @finestructure afaik the law does require the reject button to be as prominent but the enforcement has been lacking

dfyx,
@dfyx@social.helios42.de avatar

@Paxxi @finestructure Well, kind of. As the GDPR doesn't mention any specific mechanisms of gathering consent, it's rather vague.

But yes, enforcement is the biggest problem. I would guess that 90% of sites that use cookie banners are not GDPR compliant and nobody can do anything about it.

Even bigger violations often don't get punished at all or are just a fine that's lower than the profit made.

rhysmorgan,
@rhysmorgan@mastodon.social avatar

@finestructure Sure, but since cookie banners and those “do you agree to us sharing your data with our 78000 partners, you must disagree one by one” are basically a perverse outcome of the laws, it’s on the EU to fix that too and be more firm and direct about how companies are allowed to comply.

groue,
@groue@hachyderm.io avatar

@rhysmorgan @finestructure Are you sure? A closed list of HOWTO is not future-proof and cripples innovation. And a list of DON'T can not include subjective things like "don't be a dick".

rhysmorgan,
@rhysmorgan@mastodon.social avatar

@groue @finestructure Not suggesting they have to make a list of how to’s. Completely agree that can cripple innovation. But they could have some mechanism for quickly blocking egregious examples of malicious compliance. Just requires actually staying on top of the market, and measuring the actual outcomes.

groue,
@groue@hachyderm.io avatar

@rhysmorgan @finestructure Malicious sounds pretty subjective to my ears as well :) We live in an internet age of money, targeting, and surveillance, that's it 🙃 To me, the eventual resolution will not come from plain regulation. (And I don't pretend to have an original position 😅)

rhysmorgan,
@rhysmorgan@mastodon.social avatar

@groue @finestructure Sure, a lot of it's subjective. In some of these cases though, the intent of the DMA is fairly clear (and maybe sometimes even clearly legislated!) but Apple are, in some ways, ignoring it and doing bare minimum.

If Apple's changes don't actually end up allowing greater freedoms under the law, I think it warrants revisiting and declaring as malicious compliance. IMO, shouldn't even have to wait for user harm, and be more proactive.

groue,
@groue@hachyderm.io avatar

@rhysmorgan @finestructure I would not be surprised if Apple moves would be scrutinized, maybe eventually investigated and poundered by EC or a court. You can't fight against an army of corporate lawyers without a lot of work, right, and I'm not sure proactivity can help much here. One can't punish for potential or yet-to-come harm, the actual effects of Apple policies have to be studied. Now... I should read some Montesquieu and strengthen my thinking about the Letter and Spirit of the law 😅

rhysmorgan, (edited)
@rhysmorgan@mastodon.social avatar

@groue @finestructure That's a good point. None of this affects me anyway (yet) as I'm not in the EU anymore 🙃
But I do hope the EU do more based on Apple's stated plans. To be fair, Apple's second round of DMA changes (and reinstating Epic's dev. account) do seem to be the result of exactly that.

can,
@can@haz.pink avatar

@finestructure sorry, but that’s blaming the wrong people here. The EU could easily have forced browser developers to implement a do-not-track header, and force websites to honor that. Would have been a great solution for the customer without companies being able to cheese it. But did they do that? No.

finestructure,
@finestructure@mastodon.social avatar

@can Easily, eh? 😉

That the passed at all in a union of 27 sovereign entities is a bloody miracle and I think blaming it for not being perfect is a bit harsh 🤷‍♂️

can,
@can@haz.pink avatar

@finestructure your initial post indirectly blames the user, which I find a bit harsh and kind of sounds like victim blaming to me. Of course the user has some fault, but what are they supposed to do? Not use the entire web? That’s not practical.

The only ones able to solve this are politics or corporations. Since the corporations are the abusers here, that won’t work. Therefore, it’s the politicians’ responsibility to solve it. And evidently, they didn’t do a good job here.

finestructure,
@finestructure@mastodon.social avatar

@can I “blame” the users who are angry at the wrong entity. By all means, be angry about cookie banners! I am, too! But I'm angry at the site's operator, not the regulator. That's the difference.

Abazigal,
@Abazigal@mastodon.social avatar

@finestructure Shouldn’t a law be designed around malicious compliance being the default norm and address it specifically? Otherwise, it says as much about said law as it does about the companies complying with it in said manner.

rhysmorgan,
@rhysmorgan@mastodon.social avatar

@Abazigal @finestructure The purpose of a system is what it does. If it allows for malicious compliance, and the gaps that allow for malicious compliance aren’t patched up…

SebastienK,
@SebastienK@mastodon.social avatar

@finestructure you do realise that companies do not manually acknowledge your consent? The EU could have given consumers the option to opt out for all trackers all the times. That's what Apple did and then big tech got angry and started crying with the EU and now we are here. 🙄

It looks like you are being flung around by bad actors like Meta, Epic, Spotify .... 🤷🏽‍♂️

NeoNacho,

@finestructure What does “worked” mean here? Surely it’s the job of the regulator to make sure a regulation leads to the desired outcome. If it was the job of the entities being regulated, we wouldn’t need the regulator.

finestructure,
@finestructure@mastodon.social avatar

@NeoNacho Sure, but we all know how hard it is to write a spec that leads to a successful program, even with good faith on the implementor’s side.

I’ve launched a site with cookie banners in the EU and it had none of the UX issues people cite when they complain.

Plus of course you can host a site without banners at all. I’ve done that, too.

So it’s entirely possible to be compliant without that crap and complaints should be directed appropriately.

fodwyer,

@finestructure @NeoNacho making marketing opt in / nagging about it illegal wouldn’t have been hard at all. We all know what it looks like and the courts aren’t stupid. The most likely explanation is that would not have suited those who lobby the regulators and/or they were looking for the non existent 3rd option

Also the thing about “malicious compliance” is it’s compliant. Malicious compliance is for stupid laws. You don’t get malicious compliance with most laws.

finestructure,
@finestructure@mastodon.social avatar

This keeps popping up, in particular now that we go through the adoption of the .

Of course companies are going to try and do Taekwondo moves in the face of regulations. Don’t let yourself be flung around.
