[nybble41]

> Good, you can opt in to tracking and profiling, if you wish.

What we wish is to be able to opt-in once and for all, to get rid of these incessant interstitial pop-ups sprouting like mushrooms across the Internet.

Perhaps we could introduce a new HTTP header X-GDPR-Consent-Granted, controlled by a checkbox in the browser, to explicitly acknowledge that yes, we know that anyone we interact with online is going to learn various things about us, some of which may be quite personal; that we accept this; and would you please just get out of the way and let us read the article we came here for already?

If the intent was that anyone can decline without any change in service they should have just declared consent irrelevant. No one wants to be accosted 50 times a day for something so trivial, and the answer is obvious—the law prohibits offering any incentive to consent, so the only reason for anyone to grant consent is that they didn't understand the question.

[miracle2k]

I think the way this would play out is that sites would attempt to only respect the header if consent is granted, and would prefer to still show the popup to those who set a header indicating to deny consent. In that case, it would be interesting to see what percentage of users are willing to deal to trade their data in exchange for being not bothered.

I would guess though that businesses would be wary that supporting such a header would legally put them in a position to also support a deny version of it.

[KozmoNau7]

>"What we wish is to be able to opt-in once and for all, to get rid of these incessant interstitial pop-ups sprouting like mushrooms across the Internet."

If they implemented GDPR correctly and in a sensible manner, you would get one popup per site, once. You would give your consent to data collection and usage, and they would save that preference in a cookie or your profile settings for that site.

Instead, they want to punish and irritate you into simply accepting whatever they say, in order for the popups to go away. It's completely deliberate.

They could also simply support the Do Not Track header, or a "Please Track Me" counterpart. But they won't do that, because that would make it too easy to escape data collection and profiling, and wouldn't let them annoy you into accepting their onerous terms.

[nybble41]

> If they implemented GDPR correctly and in a sensible manner, you would get one popup per site, once. You would give your consent to data collection and usage, and they would save that preference in a cookie or your profile settings for that site.

And how is that supposed to work, exactly? If you choose "deny" then they can't track you, so they can't set a cookie or save profile data! Of course you'll get the same prompt the next time you show up. At that point you're just another anonymous visitor of whom they have no prior knowledge. You have to consent before they are allowed to remember your preference.

The same issue applies if you grant consent but take your own measures to thwart tracking, such as limiting cookie lifetime. The next time you show up they don't remember you and must ask again, or else give up and assume that no one ever grants consent.

If you are already signed in to an account that is a different matter, of course, but even for the minority of sites where I would have an account signing in would generally be more trouble than dealing with the pop-up, and thus not an improvement.

> ... into accepting their onerous terms.

There is nothing "onerous" about their terms. They have every right to require your consent in exchange for their services, the GDPR's infringement of that right notwithstanding. For that matter, they have every right to collect, store, and make use of whatever data they are able to gather from your interaction with their service without your consent. The law in this case is blatantly one-sided, and consequently unjust—you aren't forced to beg for their consent to remember and/or communicate whatever data you can gather about the them. For that matter, where is the GDPR equivalent for the government? They collect more information, and more personal information, than anyone else. Based on the same principles as the GDPR, you should be able to opt out of all those income and sales tax reporting forms, for a start, or demand that they delete you from all their databases, with no change in services received.

[KozmoNau7]

>"And how is that supposed to work, exactly?"

Abolish the popups entirely, move the consent forms to a voluntary options page. Implement a user profile system, so people can create a profile and opt-in to tracking and profiling through that. Turn off tracking and profiling completely for anonymous users who choose not to create a profile, or who haven't opted in.

I know there will be an outcry of "but the amount of data we would be able to gather is miniscule!", and I say that's a good thing. Companies have absolutely no right to my personal data and to infringe on my privacy, unless I explicitly grant them access to do so.

The default should be to not track and not profile and not store privacy-infringing data, unless the user has taken specific and deliberate action to allow it.

>"There is nothing "onerous" about their terms. They have every right to require your consent in exchange for their services, the GDPR's infringement of that right notwithstanding."

They have absolutely no right to my private data, unless I specifically give them permission. They do not have any right to success, no right to a specific business model being viable forever.

>"For that matter, they have every right to collect, store, and make use of whatever data they are able to gather from your interaction with their service without your consent. The law in this case is blatantly one-sided, and consequently unjust—you aren't forced to beg for their consent to remember and/or communicate whatever data you can gather about the them."

No, they do not have that right. There are very clear differences between corporations and people. Corps are not people, they do not have the same rights a person does.

>"For that matter, where is the GDPR equivalent for the government? They collect more information, and more personal information, than anyone else. Based on the same principles as the GDPR, you should be able to opt out of all those income and sales tax reporting forms, for a start, or demand that they delete you from all their databases, with no change in services received."

The GDPR applies to governments as well. There are very specific rules in place for what information they're allowed to keep, any PII data can only be kept if there is valid purpose. The same rules go for companies, they're certainly allowed to keep information, as long as it's appropriate and necessary to provide the services they provide to you. And yes, taxation is part of the overall service government provides you to, specifically it's the payment for those services.

Facebook doesn't need to endlessly track, profile and monetize you, in order to run a social network that lets you chat with people, exchange cat videos and arrange events. Google doesn't need to endlessly track, profile and monetize you in order to provide search, email, calendars and their other services. It's perfectly fine to keep your calendar data, because that's a service they provide to you. But it is not OK for them to analyze and monetize your calendar data to target ads, unless you give them explicit consent.

[nybble41]

> The GDPR applies to governments as well. There are very specific rules in place for what information they're allowed to keep, any PII data can only be kept if there is valid purpose. The same rules go for companies, they're certainly allowed to keep information, as long as it's appropriate and necessary to provide the services they provide to you.

Services you personally asked them to provide to you. That's an entirely different standard. The GDPR doesn't permit companies to decide unilaterally what services they will provide and what information (much less funds) they are entitled to collect from you in order to provide those unasked-for services.