[Nextgrid]

This is nothing new. These guidelines reflect the GDPR’s intent and everyone had 2 years to prepare for it before it went into effect.

[aiCeivi9]

They are in effect and everyone breaks them. I guess we need to wait for first "cookie" fine for any panic/changes to happen.

[holstvoogd]

yep, I work at what is a processor in terms of the GPDR and made a action plan of how we should comply and help our customers to comply. Guess how much of that got done? Absolutely nothing. But of luckely we have quarterly meetings to how to improve out compliance etc, of which we have so far had none.

The trouble is that the industry seems to focus more on what they can get away with then what they need to change. Even the GPDR consultants/privacy lawyers focus not on what is required by law, but on how to circumvent as much of it as possible.

All 'BeCAUse iT Is sUcH a drACOnian LaW' - Well guess why that is the case. We keep perverting it in the name of marketing. It's just a race to the bottom in the end.

[pintxo]

Part of the problem is the missing fines:

If there is no regulatory punishment for ignoring the law, than any organization following the law actually has a commercial disadvantage against all the opponents not following the law.

That's way no one is willing to follow the rules. Legal requirements that do not get enforced are just meaningless.

[oliveremberton]

Author here. What’s new is the ICO has changed their guidance: they had explicitly stated analytics was acceptable in the past. The law itself hasn’t changed, but what most people thought was compliant is now unambiguously not.