|
> It could have had legal bearing, if Microsoft had not turned it on by default. How would that happen? > Before DNT, the way consent basically worked was that companies just assumed you consented, and only if you specifically denied consent, they would have no chance to defend that in court. (...) With Microsoft turning it on by default, there was no way for companies to know, if the user actually wanted privacy, or if they supposedly wanted to be tracked, for whatever reason. Herein lies the problem. Companies assumed consent. Which is a nice assumption if you want to abuse users and sell their data - though how can users consent if they typically don't even know what's being done to them? In reality, what companies should assume is lack of consent, and I'm very, very happy that at least for some of us, GDPR is fixing that. > With the GDPR in place, you theoretically now need to get consent every time (including implicit consent, e.g. when the user asks for something to be shipped to their address, that means you can process their address). Most companies don't yet keep to it, though. No you don't; you only need it for using user's data for things other than fulfilling user's request. It's kind of like with Cookie law - you don't really need a cookie banner, unless you're tracking people. (Or in other words, amount of UX problems GDPR/cookie law cause are directly proportional to how abusive a website is towards its visitors. It's a useful signal.) |