I've just found out that it will change the cookie law to require explicit consent. I've already come across one website that has thrown up a splash page to harvest my consent before it redirects to the page I actually want.
I don't care about cookies, but the problem here is that I have to enable scripts before I can click the button and visit the page I actually want. So if that gets rolled out across all websites it will defeat the point of me browsing without scripts in the first place. Grrrrr.
>>26548 Supposedly the successor to the "cookie law" which is ePrivacy, not GDPR, actually seeks to reduce "consent overload" and move the soliciting of permission from web site to browser.
The GDPR gives users an unprecedented level of control over their personal information.
If they're collecting data with the consent of the user, that consent must be explicit, granular and revocable. They can't demand that you sign away all your rights just to access their website or do business with them. They have to offer you the option of sharing only the amount of personal data that is absolutely necessary for a specific transaction. If they use cookies to save the contents of your shopping cart and for ad tracking, they have to offer the option of opting-in to the former while opting-out of the latter. You can also change your mind about giving consent at any point, or revoke consent for any specific piece of information.
>>26548 >I've already come across one website that has thrown up a splash page to harvest my consent before it redirects to the page I actually want.
Strictly speaking, if they won't let you in without giving consent, then it's not consent freely given and doesn't count.
>>26551 The cookie law was only ever used as a weapon by the disgruntled and competitors. The public didn't care and the ICO had no interest in taking any meaningful action. There was only ever a single prosecution across the entire EU (in Spain). Will this really be any different?
Consulting firms sure love to shout from the hills about how much must be done though.
>>26548 > So if that gets rolled out across all websites it will defeat the point of me browsing without scripts in the first place. Grrrrr.
This is my same bugbear I have with cloudflare. I have to give temporarily script access to a domain that I don't want to in order to bypass their DDOS-protection crapola.
If they dropped me at a cloudflare.com redirection page or whatever so I could give that script rights (over https) then I might sort of be less miffed about about it as I'd only be trusting one domain rather than every domain I want to visit that's protected by CloudFlare.
They're almost certainly in breach of the GDPR and I intend to complain to the ICO as soon as the Data Protection Act 2018 is granted royal assent.
Their interstitial does give you the ability to opt-out of third-party tracking (albeit through a convoluted and confusing process), but they don't offer you the ability to opt-out of data collection entirely. The opt out screen says "To continue using HuffPost and other Oath sites and apps, we need you to let us set cookies to collect your data", which is contrary to the conditions for consent in Article 7 and Recital 32 of GDPR.
>>26562 If in doubt, blame the victims. It's a strategy that works every time. Pesky EU users, it's your fault we can't hoover up your data in dubious fashions and bury it in 500 pages of legalese any more.
I've managed to get a handful of GDPR emails from sites I've never used, so now I can see where people have used my details or which idiots don't know their own email addresses.
There's an american bloke who has the same name as me, and it seems his email must have an underscore or a dot in it somewhere but is otherwise identical to mine, so I keep getting emails about the warranty expiring on his Buick and the occasional forward from his family when people type it wrong.
>>26573 Agreed. Clear violation of Article 7.4 and contrary to the Recital 43.2. No bundling means no bundling. They can be asinine and insist on explicit consent for contact that's absolutely necessary for the thing to function, but if >>26574 is the thing they want agreeing to then that's blatantly not necessary and a clear-cut case of bundling. "Our business model won't work without this" and "the site literally breaks if you don't enable this" are two completely different things.
>>26575 How do I report it anyway, I'm guessing the ICO doesn't yet have the infrastructure set up, as their website has a whole list of subjects to complain about but none are relevant.
