Without enforcement, the GDPR is a fail

And the same goes for California’s AB-375 privacy bill.

The GDPR has been in force since May 25th, and it has done almost nothing to stop websites that make money from tracking-based-advertising stop participating in the tracking of readers. Instead almost all we’ve seen so far are requests for from websites to keep doing what they’re doing.

Only worse. Because now when you click “Accept” under an interruptive banner saying the site’s “cookies and other technologies collect data to enhance your experience and personalize the content and advertising you see,” you’ve just consented to being spied on. And they’re covered. They can carry on with surveillance-as-usual.

Score: Adtech 1, privacy 0.

Or so it seems. So far.

Are there any examples of publications that aren’t participating in #adtech’s spy game? Besides Linux Journal?


This entry was posted in adtech, advertising, publishing. Bookmark the permalink.

11 Responses to Without enforcement, the GDPR is a fail

  1. Evert says:

    GDRP is an unenforceable monstrosity that could only have been though up in the echo chambers of the EU government.
    Aside from having to now click a “yes” button on the majority of website the only other effect is that a number of US based website have decided that compliance is not worth the trouble and have made their sites inaccessible from a European IP address.

  2. Ed Steenhoek says:

    First, any law without enforcement would then be a fail and there are many of these with GDPR being far from the first or the last. But there is enforcement once complaints are filed. Since you protest against it, I assume you filed a complaint about it at the applicable privacy office. If not, then please do as you seem to care about your privacy and only you can make that chance. Enforcement as it is defined is reactive. Not pro-active.

    Second, the behaviour you describe may exist but that doesn’t make it right. I’ve seen many examples that do a way better job than you describe. Examples where functionality, analytics and advertising are separated out and can be chosen individually. It just tells something about the particular site/magazine.

    Third, in its pure essence, there is nothing illegal if you give consent to being spied on as you call it. The intend of GDPR is not to prevent tracking cookies. When you do, some rules (e.g. about transparency) apply of course. But it is the user’s own free choice to trade some of his privacy against access to information. You don’t have to if you don’t want to but you then might not be able to access that ‘free’ information. It may shatter some dreams but in a world-economy dominated by money, there is no such thing as ‘free’ and privacy has become a currency.

    Last, in stead of only complaining, why not fix GDPR compliance at your own end first? Your reply form requires me to give my name and email address. Why do you need my email address? Under GDPR (and yes, as I am a European citizen, that does apply to Harvard too) you should have a reason for storing my privacy data. As long as I don’t tick the box to receive follow-up emails or new post notifications, there is no need and you should no want to store it.

    • Doc Searls says:

      Ed, your comment has so many claims and accusations that I don’t know where to begin. So I won’t.

      I’ll suggest that for context you take a look at what I’ve been writing and doing for at least the last ten years. If you’re interested, start here.

  3. Nelson says:

    Nice victory for consumers, In fact, I must say I’m rather proud of Californians for standing to together for something and making an impact, against big money & influence. Consumers rightly should have control over there data and how it is used. The credit bureau has collected financial info on millions, and as far as I know you nor I have ever given consent or permission to collect & monitor our financial data. It is, however a useful service but just imagine how did they come to get the rights or permissions to provide this service to millions.

  4. John Doe says:

    Haha… GDPR is an elephant…

  5. Matt says:

    Ed, you’re an idiot. There is no other word to define you. Well, actually there is, dozens of them, but that would be a waste of time.

  6. Dave says:

    Hi Doc; I have a screenshot of the kind of thing that sometimes pops up, in perhaps what was an intended result of GDPR. Not sure how to show you. But it show options for things like (unchangeable) functionality, tracking, social, etc. If honored, the settings choices would be favorable to user.
    Best, dave

  7. Pingback: About that right to be forgotten | Hennings blog

Leave a Reply

Your email address will not be published. Required fields are marked *