Who else does this apply to ?
For instance Google ?
European privacy regulators have determined that Meta's use of personalized advertising in Facebook, Instagram, and WhatApp violates data protection laws. Specifically, the European Data Protection Board (EDPB), a group of EU privacy regulators, has invalidated a prior decision by the Irish Data Protection Commission (DPC) …
Not quite on topic but since consent options have been mentioned...
A couple of months back Ghostery implemented their automatically 'opt out of all' functionality in their browser plugin.
It works surprisingly well I find.
Whenever I visit a new site, I see the consent pop-up window appear and then disappear as Ghostery automatically says no to all.
It makes me happy each time it happens - small victories :)
If only there were some kind of way that browsers were able to pre-signal that decision without interruption. Maybe some kind of header would work, perhaps "do no tracking" or maybe better "do not track"...
Malicious compliance at it's finest from the entire tech sector at play here.
Simply make it an offence to ignore "do not track". A statutory offence at that. Give everyone a year to get their act together. Then fine anyone who still ignores it a minimuim 20% of global turnover. Not profit. Turnover. Add another 10% each time they fail to sort it out.
No backroom deals, no weasellng out of it. Make it apply all the way up to the highest level of parent / shell company, so the parent doesn't just shutter the child and start afresh with the same behaviour.
Run an extremely public campaign so nobody can say they weren't aware of it.
Don't like it? No business here for you.
Well, Google not so much, not directly, as they apparently haven't tried the same blatant abuse of contract as legal basis as Facebook / Meta. The general gist of the decision (or what is allegedly known about it; it hasn't been actually published yet) seems to be against anybody's advertising based on profiling without consent though; this is still the core of Google's (Alphabet's) business model and the only plausible rationale for their extensive data collection with Chrome* and Google Analytics** (which is hardly based on consent in the GDPR-sense).
* https://contrachrome.com/
** https://noyb.eu/en/update-cnil-decides-eu-us-data-transfer-google-analytics-illegal
Can we get some sort of round of honours for this guy? With a very small number of politically driven exceptions he seems to be the only person willing/able to stand up and point to all the ways that big Corporations (and some politicians who may bear closer checks/cheques) are ignoring laws around data privacy to maximise profits
This post has been deleted by its author
It's more a "appeal things as slow as we can just before we have to pay up or change our ways" as it`'s purely a delay tactic.
In my opinion an even worse problem is the Irish Data Protection Commission (DPC), i don't think there was any legal ground to stand on for them to say Meta was within its rights of using the data without consent. There need to be deterrents for the Irish DPC for taking decisions ignoring the law and favoring corporations like Meta.
This post has been deleted by its author
"Do three months in a triple A cat"
Not sure what that is, but it sounds like the sort of place you put violent criminals and terrorists, the sort of people who would be a physical danger to society at large if they escaped. You don't really want to be filling up the most expensive to run prisons with low risk, non-violent offenders. That just adds more cost for tax payer.
This post has been deleted by its author
The appeals process is how justice is supposed to work. Changing that system would most likely adversly affect us, "the little people" who can't afford large teams of expensive lawyers.
"and don't change anything until we've exhausted that route"
Now that I can get behind. An appeal is against the decision of a court. That lower court has judged you guilty and convicted you. What you did IS illegal and must stop IMMEDIATLY. If you choose to appeal, that's fine, but you you are still convicted unless a subsequent appeal succeeds. Carrying on with an illegal practice after being convicted is contempt of court, even if later you do succeed in an appeal.
I am.
I led a research project on the fulfilment of the GDPR transparency obligation between 2018 and 2021 and found that absolutely no online business in a large randomly collected sample actually complied with the law. Even the 'best attempts' at fulfilment of Chapter III obligations turned out to be mere token gestures that failed to allow data subjects to exercise their statutory rights, and the worst were amazingly transparently unlawful.
Interestingly, we sent a copy of this report to NOYB as soon as it was published - so they probably lost it.
Most of those that did their 'best attempt' to comply would probably not claim they are fully compliant once Max brings a compliant to them and the PDC pointing out specific problems. My guess is that this is what NOYB was referring to with their statement about Meta's arrogant way.
Did you contact the companies you reviewed in the study with the results and what was their reaction?
"Did you contact the companies you reviewed in the study
In general, no as this was a survey primarily aimed at underlining the lack of policing, not an accusatory exercise, so we kept all findings anonymous.
In one extreme case (as reported) we did -- a company providing web sites for medical practices (by definition applicable to Article 9 sensitive data), whose "privacy notices" referred to compliance with the "data protection act 1984". Their response was that they'd "inform their IT department", but nothing had changed a year later on any of the medical practice web sites.
"Meta has the option to appeal both the EDPB finding and Irish DPC ruling, whenever that appears."
Actually, the CJEU General Court has just found that EDPB binding rulings cannot be appealed as such; an appeal may only be made against the DPA decision based on such a ruling. (https://curia.europa.eu/jcms/upload/docs/application/pdf/2022-12/cp220196en.pdf).
Now we are no longer part of the EU thanks to Brexit can some one in the UK actually sue Meta on the same basis given that GDPR rules are exactly the same here still?
Just to give their lawyers something else to think about and I am sure the treasury can find something useful to do with £350M since we seem to have lost that down the back of the sofa since Brexit.