by readyp1 2700 days ago
If you look just to the right of that statement, there's a button labeled Personalize that lets you set which 3rd party services you consent to. Correct me if I'm wrong, but that appears compliant...

I'm not trying to bait a fight here, I'm genuinely curious. Why is that okay but the way Google is doing it isn't?

From the linked article:

> The relevant information is accessible after several steps only, implying sometimes up to 5 or 6 actions. For instance, this is the case when a user wants to have a complete information on his or her data collected for the personalization purposes or for the geo-tracking service.

How is that different than the banner on cnil.fr? When you click personalize, you are brought to a page where you have a list of services they share your information with. Clicking on "read more" for any of the video sites near the bottom shows a pretty nonsensical page [1] which tells you an "Activation rate" and how many cookies it sets (which in the case of the "facebook" option says "this service does not use cookie"). Then clicking on the "view the official website" sends you to [2] which states how they use cookies.

I genuinely don't understand why they are allowed to put the information in a menu that is behind a "personalize" button in a menu, and then only explain how the data is shared by clicking on several other links to understand, but Google is getting fined for doing what seems like the same thing.

Even if you click the "view the official website" for YouTube on the permissions screen on cnil.fr, you are sent to [3], which seems like a VERY comprehensive screen that details all the information they collect, what they do with it, and how to stop it.

And if Google or cnil.fr can't get this right, what hope do I have of getting it right?

[1] https://opt-out.ferank.eu/en/service/facebook/

[2] https://www.facebook.com/policies/cookies/

[3] https://policies.google.com/privacy?hl=en&gl=en

Because, to opt out for Google requires settings that are hard to find (and seem like they are intentionally hard to find) and set across multiple pages, where it is difficult to know that you have opted out of all data collection. Furthermore, with the distribution and obfuscation of the settings it is difficult for anyone to know how much data Google has, and one of the provisions of GDPR is that companies allow consumers to access their personal data. In this regard Google is even worse than Facebook. I expect that, if cnil.fr is compliant, then clicking deny all stops all data collection.
Citation needed. I just checked accounts.google.com > privacy settings and it seemed reasonable. I think having links for details made it much more clear than dumping everything together.
> it is difficult to know that you have opted out of all data collection.

So the issue is a lack of a single (or a very limited number of) "opt out of all data collection" button? I didn't know that was a requirement. How does that requirement interact with data which is required to run the business? Isn't the single "opt out" to delete or not create the account in question with Google?

> it is difficult for anyone to know how much data Google has, and one of the provisions of GDPR is that companies allow consumers to access their personal data.

Doesn't [1] show it pretty explicitly for Google?

It's not all on the same page, but it's not like it's all hidden or purposefully obfuscated. And I'm not sure how you would even fit it all on one page, it would be extremely hard to navigate if that were a requirement.

> I expect that, if cnil.fr is compliant, then clicking deny all stops all data collection.

And I would expect that if you don't check the "« I agree to Google’s Terms of Service» and « I agree to the processing of my information as described above and further explained in the Privacy Policy»" boxes that the article talks about, then Google will not collect any data on you, and I don't believe there is any evidence to the contrary.

The root of this seems to be that Google:

1. Doesn't tell the user well enough what their data is used for. I'm floored at the idea of this because Google has among the most comprehensive systems for explaining and controlling how your data is used within the company. This specifically terrifies me as Google is the standard that I'd hold any company I'm in to, as the way they show and explain how they use data is very understandable to me and many I've talked to about it. It almost seems like they will have to take a step backwards to become compliant and show a single page with a bunch of technical information on it that follows the letter of the law but in practice is useless for most people.

2. Is not getting informed consent from users on the data they do collect. And I genuinely don't understand why 2 checkboxes labeled "« I agree to Google’s Terms of Service» and « I agree to the processing of my information as described above and further explained in the Privacy Policy»" are not allowed, but a single "OK, accept all" on cnil.fr is allowed. Not to mention that the linked article specifically calls out that "it is not possible to be aware of the plurality of services, websites and applications involved in these processing operations (Google search, You tube, Google home, Google maps, Playstore, Google pictures…) and therefore of the amount of data processed and combined." But at the same time the link at [2] shows pretty explicitly where they get the data, where it's used, how it's used, and why, with plenty of links scattered throughout that take you to the page to limit that information gathering and delete information they already have.

[1] https://myaccount.google.com/

[2] https://safety.google/privacy/ads-and-data/

AFAIK active consent is required. Not clicking a button is not active consent.
Why can't we just set a single setting and have every website obey it?
It's called Do-Not-Track and was ignored...
If GDPR required websites to obey DNT would it still be ignored?
GDPR requires active consent (or so I have repeatedly seen on HN), and that was clearly ignored.
Yeah, very true. :\
From what I understand, DNT is in fact enshrined in law in the upcoming ePrivacy law though.
We had that in 2002, it was called P3P. Maybe it's time we came full circle...
We can set the single setting (Do not track), but websites can ignore it.
Why are third party cookies allowed at all?
I've had them disabled for years, and everything works fine.
So have I, but for some reason my browser cache is cluttered with 3rd party content I never asked for. The feature is evidently broken.
Turning off third-party cookies doesn’t prevent third-party images, CSS, JS, or fonts from being loaded. Your browser just doesn’t save or send cookies while doing so.

These third-party things should be in your cache.