Fortune favours the Brave: Privacy browser chap takes gripes over adtech body's website to Irish data watchdog Adtech industry body IAB Europe is facing down another data protection complaint from Brave browser bod Johnny Ryan, this time over the all-encompassing cookie wall stalking its site. The complaint, filed today in Ryan's home nation of Ireland, seeks to win a long-running argument between privacy activists and the tracking …
Matthias Matthiesen said that there was "nothing in either the GDPR or the ePrivacy Directive that prohibits so-called cookie walls (or consent walls for that matter)".
Uh-huh?
"In order for consent to be freely given, access to services and functionalities must not be made conditional on the consent of a user to the processing of personal data or the processing of information related to or processed by the terminal equipment of end-users."
It's a fine strategy, they know it's wrong but know that unless someone takes them to court and pays the expense of doing it they can carry on. They just need to decide to change their mind before any major legal expenses are due.
What should happen it the data regulator sees, this. Tells them to stop, they don't they get a fine. They still don't stop, they get a larger fine until they do.
They don't like it they take the data regulator to court at their own expense.
"It's a fine strategy, they know it's wrong but know that unless someone takes them to court and pays the expense of doing it they can carry on."
In Europe, the loser pays the legal costs of the winner in civil proceedings.
"They just need to decide to change their mind before any major legal expenses are due."
However, breaking the GDPR is NOT a civil dispute, but breaking the law. What Mr Ryan did was informing the Irish Data Protection Commissioner that IAB was breaking the GDPR. Which means that even if they change their policies, they were still breaking the law and could be punished.
Ah the old 'the law doesn't specifically say we can't so we obviously can' defence.
Newsflash - the law doesn't explicitly say you can't plant land mines in your front garden but I suspect the authorities would take a dim view if you did!!
Icon - well not my fault the postie stepped on to the grass...
Access cannot be conditional on consent. It's against the law.
Since you are totally against tracking, I presume you would be okay with me using your online banking account and having tracking disabled on that particular bank's webpages?
I do know that there is a reason tracking must be conditional on consent in some locations, but that the same time there should be a public "free (no tracking mode)". It is interesting that folks think they need more tracking is some locations such as banking and less tracking in other situations. To me, this is easy as I just don't use the sites who want to track me on publicly available information. Please do the same.
I think the land mines are illegal under international treaty or convention although IIRC the US didn't sign, so presumably legal in your lawn there.
IIRC also the "land" mine ban doesn't apply to a beach below the high tide line because that isn't officially "land". So jolly fun to have with your bucket and spade.
Hit a site with a cookie wall, simply close the tab. At the moment I can't think of a single case in my use of the web where there was no alternative site without the intrusive cookie wall.
I know that's not going to cover some edge cases where there is simply no alternative, but for most such shitty sites, just close the tab.
Glad someone is taking on those wankers though, well done!
Maybe a few people will do that, but it doesn't solve the problem (and the number of people doing that will probably be just a rounding error on the site's visitor count).
If nobody ever challenges them, they'll continue breaking the law and collecting data on the vast majority of people who wish to visit the site and see no other option but to agree with its cookie policy.
Seems that more and more sites are doing the cookie wall instead of letting you have access without taking the unhealthy snacks for your computer. The only real option at this point (if you want access) is "private mode" and clear the cookies when done. A PITA but, in my view, a necessary one.
Seems that more and more sites are doing the cookie wall instead of letting you have access without taking the unhealthy snacks for your computer.
This is why I still sport a http version of my website that does not require cookies or allow input data, but the https version where you can fill out information. And in the process of filling out that (possible) private information, I need to be tracked or else it might confuse it with other people. Once enough people get fed up with these kind of setups, they will start voting with their feet and use other lesser known websites instead. I am not sure why but the iab site seems to think that it needs to track people and since they can track you using other methods than just the cookie, don't even use private browsing. (By using private browsing, you continue to support the people that runs those websites.)
He went on to say that there was "nothing new to discuss" after the Dutch ruling, and wouldn't be unless "the Court of Justice of the EU pipes up and introduces new relevant information to consider".
It is completely true there is nothing new to discuss, IAB has been and is continuing to be in breach of the regulation. It will just take a proper fine to convince them.
We will never trust you. You will never be safe for us to allow in. It's nobody's fault but your own.
Please fek off and die and take your entire industry with you.
Interesting! This is exactly what those websites are saying about both you and me!
There are other ways to track a user, such as embedding a tracking code into the link. Once you "login to a site", you should be "tracked" with whatever method to "remind you to logout". Really what we should be arguing, is why we are "required to login" just to view "information" that should be freely available?
Yes, the trackers are the first thing I always strip from the URL before sharing with anyone.
You should see the trackers in the URL that you get from mailing lists like newspaper ones, they appear long enough to hold you DNA sequence*. As far as I can tell, few other people bother when they send me links, so I always have a quick look first - and don't get me started on link shorteners such as bit.ly - why can't the all have the same code for "show me what link this actually represents"?
* yes, that's hyperbole. Roll with it.
created a proxy app that filters what the cookie can send
Been there and done that. I built mine using the perl LWP module.
The problem I ran into, is once you get to data input forms, tracking "who" is filling out what data becomes a requirement again. This especially holds true when it comes to payment information. Not tracking means your payment method could be used by others who are using the same proxy.
My personal option is that tracking should be done on https and non-tracking on http. AKA, if your site has public information, that should not need a login then it should not need any "security" nor "tracking".
My personal option is that tracking should be done on https and non-tracking on http. AKA, if your site has public information, that should not need a login then it should not need any "security" nor "tracking".
Heavens, no. That would deprive Google of its monopoly on traffic analysis (since their analytics tend to be already on the site, like a cancerous growth on the Net). Sorry to pop the illusion if you believed if that was for your protection, but be fair, you should have known better.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
