by dessant 2702 days ago
We should also be able to access our marketing categories without a Google account, since sensitive data is collected and a profile is built even if you don't have a Google account.
4 comments

Throwaway of an ex search engineer here. This can’t work because how would google reliably only give you your information without a login account? They are only useful enough in aggregate to google so they can’t know it is only you with 100% certainty until you log in. AFAICT anyone telling you anything else is probably nonsense fearmongering, or maybe doesn’t understand how sophisticated attackers of google are and hasn’t thought through what happens when you have a logged out way of spoofing someone’s internet behavior to get their whole data.

This is effectively a) putting everyone’s approximate search histories on the internet, or b) outlawing google search’s business model.

The consequences of trying option a and failing even once are so great, I argue if that’s your goal you should ban logged out personalization before anyone deludes themselves into thinking they can do it without leaking everyone’s info publicly. I also think that’s going to harm consumers more than it actually helps them but I am obviously biased as an ex google search engineer.

We don't expect relinked data to be viewable, because that is ripe for exploitation, but we do want to access and control the data that is linked to the advertising cookies that were placed on our devices.
Better yet, google should not be able to store any personal data about users who are not registered
I feel like this is another example of something which can only be enforced by creating a new framework that inevitably benefits the few corrupt actors and defeats its own purpose.
How sure are they that it's one individual person that they are tracking? If you and others use the same computer, then maybe stuff might get mixed up. If "accessing" marketing categories includes read-access then your situation is worse than before.

What about the legal risk for Google if you opted out of the tracking a month ago but now google thinks you are a different person and is tracking you?

There's subtle ways to fingerprint someone, even how they move their mouse:

https://motherboard.vice.com/en_us/article/78k8pz/how-you-mo...

These are indeed tricky problems to solve.

They're also google's problems to solve, not society's. We're not required to provide solutions for them.

If google can't solve them, maybe that means google's business model is illegal.

I agree but is this a Google specific thing? So many companies gather data on people without letting them see anything... I feel like we need legislation regarding this for all of them.
How is legislation going to fix this unless you mandate region locking of the internet? The moment a website loads some script from a Chinese site all bets are off from a legislative protection standpoint.
Under GDPR, an EU website owner is responsible for the Chinese scripts they load onto their site, as part of the Controller-Processor relationship. That doesn't help for Chinese companies without a locus of business in the EU, but it covers the hypothetical case that you raised.

In practice, legislation goes into effect globally by being in a large enough market that companies would rather comply than lock themselves out. Several companies have rolled out their GDPR compliance updates globally rather than just to the EU. It's the same reason that lots of products in the US comply with standards that only exist in California.

GDPR already requires all that data access and control even for people that don't have a formal account and haven't agreed to your ToS. No additional legislation in the EU needed.
But more enforcement. GDPR enforcement has been disappointing so far.
That's because DPAs understand that if they reinforced GDPR properly then half the companies, particularly small businesses, in Europe would have to be fined. I'm not just talking tech companies either.
That's also because fining isn't the first step, it's pretty much the last. You will have received a warning that you are not compliant and been given a deadline to fix it in most cases.
Like Google did in France? (receiving a warning before getting fined)
All those small businesses mostly have data about subjects they are conducting business with. In general this is a valid reason to have that data and GDPR compliance is merely about implementation details.

The data subjects of ad networks however are completely different entities from their customers, which makes it a very different compliance problem. It might not be possible at all to conduct that kind of business in a compliant way.