“Sunrise day” for the GDPR is 25 May. That’s when the EU can start smacking fines on violators.
Simply put, your site or service is a violator if it extracts or processes personal data without personal permission. Real permission, that is. You know, where you specifically say “Hell yeah, I wanna be tracked everywhere.”
Of course what I just said greatly simplifies what the GDPR actually utters, in bureaucratic legalese. The GDPR is also full of loopholes only snakes can thread; but the spirit of the law is clear, and the snakes will be easy to shame, even if they don’t get fined. (And legitimate interest – an actual loophole in the GDPR, may prove hard to claim.)
Toward the aftermath, the main question is What will be left of advertising – and what it supports – after the adtech bubble pops?
I’m skeptical of the GDPR actually changing anything, but who knows.
So does that mean poor EU folks are going to get a permissions popup on every site they visit? It’s like the site notification nag clusterf–k all over again.
Edited 2018-05-14 19:59 UTC
Gawd I hate these notification pop-ups. Basically they are the digital version of “agree to everything we say or no soup for you”. If I have no choice on the matter, what’s the point of clicking “accept”? Even if I bypass the “understood and accept” screen using some creative hackery it would still count as if I accepted the terms, so it’s like the “accept” button does anything.
Tech companies are like the landlords of old who forced you sign a contract full of abusive terms, otherwise no housing for you. We need some regulation of those terms-of-service agreements like we have for landlord contracts, stat.
Edited 2018-05-14 21:06 UTC
No.
The GDPR requires user acceptance to be meaningful and a genuine choice.
So false choices like “click here to accept or you get no service” are no longer valid agreements.
This is a big change.
In the longer term this will cause 2 things to happen:
1. some services will start charging to be sustainable – fine
2. some users will accept providing their personal data in exchange for services
And there’s also already services that have taken a “move out of Europe or get no service” stance enforced by geolocation.
Which then allows local services to be developed that do comply with EU regulations.
Globa companies will hae the choice to play ball or allow competitors to emerge.
They said this very same thing with the “cookie law” too. How well has that worked? Our choices are to accept cookies or take a hike.
either that or no service at all.
or the companies will track them anyway.
Proctor and Gamble axed their online advertising budget and actually saw revenues increase. Online advertising is garbage that noone actually pays attention to. Yes having a web presence is important in terms of having a good website and an easy to use purchasing interface. But actually getting your brand out on the internet is silly aside from being in search engine results.
http://www.adweek.com/brand-marketing/when-procter-gamble-cut-200-m…
Not to mention that online ads have the stench of actual scams lingering all around them. I refuse to trust an advertising medium which delivers ads that want to give me a free iPad or want to introduce me to hot singles in my area. I won’t even click on the banner. Most of the links are encrypted anyways and who knows what’s on the other end.
Edited 2018-05-14 21:25 UTC
Google seems to be doing rather well financially so evidently some notable number of poeple does pay attention to it…
> I’m skeptical of the GDPR actually changing anything, but who knows.
Haven’t you seen how much the web has already changed? Just look at the changes Google have already made to AdSense and DoubleClick to comply with the GDPR! Publishers can opt-in to non-personalized ads or are otherwise required to prompt for consent before enabling personalized ads and profiling.
https://www.ctrl.blog/entry/adsense-gdpr-consent
Edited 2018-05-14 22:15 UTC
The extraterritorial assertions in GDPR will be its undoing. It will go something like this.
1. A service is created hosted entirely in the US.
2. Some small number of EU citizens sign up.
3. EU orders the service provider to delete data or attempts to fine them, under GDPR.
4. Service provider tells the EU to go f–k itself and makes a big stink on social media or to their Congressman.
At this point either the EU backs down and the GDPR loses all its teeth, or the US government will exact trade penalties on the EU unless and until the GDPR is repealed.
I worked in the hosting industry for years, and citing the First Amendment was typically the response to butthurt foreigners screaming about some piece of content that our customers had hosted, if they didn’t have a valid DMCA takedown request.
Edited 2018-05-15 00:25 UTC
First amendment usually doesn’t apply to privately hosted services– It prevents the *government* from being anti-free speech, not private entities.
The line between “anti-free speech” and “discrimination”, however, can get pretty squirrely, and that’s when the lawyers earn their money.
Personally, I still feel the best middle ground is that you should be allowed to say / host what you want– but that you aren’t immune from the consequences.
IT’S A BLAST YOU PEOPLE
It’s going to change everything!
As much EU’s “battle” with MS about internet explorer!
Can’t wait!
I’m still wondering that the EU is, actually.
Or rather, what’s driving it. What’s the level of thinking of the people driving the project?
Is it like, a socially conscious, authoritarian, unification, to bring all peoples into a common harmonious existence, with better human rights, and protections in the workplace, and better social nets?
Or is it like, a device for corporate interests to set the rules at a supra-national level, forcing countries to open their borders, migrate the workforce around, etc. as a way to provide cheap labour to compete against China and USA?
Some say the reason the EU is so keen on these sorts of laws which look like they are meant to protect people, is because the EU wants to create the impression that it is a force for the people and a force for good, so that people will feel that the EU is a better place, and thus weaken the usual feeling of national pride, and identity, in one’s own country.
And, crucially, the various rules also serve various corporate interests, by protecting certain ventures, and so on. Stuff we would probably think was moronic if Trump did it (not that I like Trump, he’s gross), yet seems all “egalitarian” when done in the EU, at the expense of say, African farmers.
So…. with that vague ramble as a context, is the GDPR a good thing, and will it work? I’m sure everyone whose business it is to follow regulations and appear in compliance, will take proper action. But the bigger players will use it as just another device to help them win various games.
There is a broad drive to privatise health care (there are simply too many sick people, chronically sick people, running up huge bills in the last years of life, and they are bankrupting nations) so it is a huge opportunity for it all to be privatised, out of “necessity”. And something like GDPR may well be useful for blocking some companies whilst giving access to others.
Anyway, long speculative rant over.
I am actually a big fan of GDPR. As far as user data protections go, it’s way up there. It comes to unify laws and create enforceable mechanisms so that companies are forced to do the right thing. And it’s not only related to user data, it deals with security issues as well. Companies need to start paying real attention to the security of their systems, including patching, or they risk huge fines.
GDPR protects users, not companies. That’s important.