[mariushn]

Same for offline businesses. Go to a bank, they'll ask your consent for handling personal data ("It's a GDPR law"). If you don't want to sign, they won't do business with you. No bank will.

So, it's just one more paper to sign, and doesn't help the actual consumer. I would have expected more of "Don't send me any promotional/survey questions unless I opt in", or "Never share my data with 3rd parties, period".

[bulatb]

> If you don't want to sign, they won't do business with you.

That's illegal. Consent to processing can not be a prerequisite for service. [0] (Otherwise GDPR would have no power, even in theory.)

If the processing is so important that service cannot be provided without it, or wouldn't be legal to offer, it's covered under Art. 6(1)(b), (c), or (f): performance of a contract, legal obligation, or legitimate interest of the business. Consent—Art. 6(1)(a)—is what you use when you just want the data but don't actually require it to offer the service.

Saying "Sign consent or go away" is saying "We could serve you without this, but we want it, so we're lying and saying we can't."

It seems like almost everyone has chosen this weird malicious non-compliance (maximum annoyance but without the compliance) as their GDPR strategy.

Maybe lawyers found a way to claim that left is right and up is down.

[0] Art. 7(4): https://gdpr-info.eu/art-7-gdpr/

[vukk]

Perhaps you should go read the thing, you might be positively surprised. The first thing you want is there, the second is a more complicated question. Sometimes some of your data is actually really needed, e.g. when required by the law. GDPR is a compromise: you have to state explicitly where the data is going and you better keep it safe, under the threat of a possibly hefty penalty.

This ^ is a shortened simplified statement. You can argue semantics or maybe that I'm just flat out wrong if you wish, but that'll mean you read the GDPR, a win in itself.