| >it is difficult to know that you have opted out of all data collection. So the issue is a lack of a single (or a very limited number of) "opt out of all data collection" button? I didn't know that was a requirement. How does that requirement interact with data which is required to run the business? Isn't the single "opt out" to delete or not create the account in question with Google? >it is difficult for anyone to know how much data Google has, and one of the provisions of GDPR is that companies allow consumers to access their personal data. Doesn't [1] show it pretty explicitly for Google? It's not all on the same page, but it's not like it's all hidden or purposefully obfuscated. And I'm not sure how you would even fit it all on one page, it would be extremely hard to navigate if that were a requirement. >I expect that, if cnil.fr is compliant, then clicking deny all stops all data collection. And I would expect that if you don't check the "« I agree to Google’s Terms of Service» and « I agree to the processing of my information as described above and further explained in the Privacy Policy»" boxes that the article talks about, then Google will not collect any data on you, and I don't believe there is any evidence to the contrary. The root of this seems to be that Google: 1. Doesn't tell the user well enough what their data is used for. I'm floored at the idea of this because Google has among the most comprehensive systems for explaining and controlling how your data is used within the company. This specifically terrifies me as Google is the standard that I'd hold any company i'm in to, as the way they show and explain how they use data is very understandable to me and many I've talked to about it. It almost seems like they will have to take a step backwards to become compliant and show a single page with a bunch of technical information on it that follows the letter of the law but in practice is useless for most people. 2. Is not getting informed consent from users on the data they do collect. And I genuinely don't understand why 2 checkboxes labeled "« I agree to Google’s Terms of Service» and « I agree to the processing of my information as described above and further explained in the Privacy Policy»" is not allowed, but a single "OK, accept all" on cnil.fr is allowed. Not to mention that the linked article specifically calls out that "it is not possible to be aware of the plurality of services, websites and applications involved in these processing operations (Google search, You tube, Google home, Google maps, Playstore, Google pictures…) and therefore of the amount of data processed and combined." But at the same time the link at [2] shows pretty explicitly where they get the data, where it's used, how it's used, and why, with plenty of links scattered throughout that take you to the page to limit that information gathering and delete information they already have. [1] https://myaccount.google.com/ [2] https://safety.google/privacy/ads-and-data/ |