|
|
|
|
|
|
by rgetz
1662 days ago
|
|
|
Extra disclaimers apply - I work for ADI, but I am not familiar with the details of GDPR, I don't live in the EU so I'm not covered by the GDPR, nor am I a lawyer, nor do I work on/with the web or compliance team. I did forward your concern to the folks responsible for the web site and GDPR compliance - which I know they take very seriously. From a personal opinion standpoint - while I'm sure there is some clarification to be made on the description, things like " ... provided you have not opted out of such data processing." could have been written " ... provided you have opted into such data processing." Neither says what the default is (the way I read it), just that there is an option. The EU web site that you point to (for making a complaint), has options for "opt-in" and "opt-in less" (their words are "Accept All Cookies" or "Accept Only Essential Cookies"); there is no opt-out there either. Who is to say which are "essential"? On their cookie description page https://ec.europa.eu/info/cookies_en (which is actually pretty good, and more detailed than most), they don't say which are essential and what are not.... so still have no idea what I'm agreeing to... Not saying that the ADI site is compliant or not (I only know that lots of folks worked on it and spent a lot of time on it), also acknowledge there are always room for improvements - which may or may not happen (Again - not on that team) - only that's its hard to communicate some of these things sometimes... |
|
|
By the looks of it, the analytics cookies (eg SC_ANALYTICS_GLOBAL_COOKIE) are not set when not clicking "Accept and proceed". So my issue is only with the wording. In practice it is already opt in, so the text can and should be changed to opt in. The wording opt out does say the default is to accept, and you have to explicitly protest to not accept. (It looks like the wording was already changed?)
Imho, you shouldn't look at it as cookies vs no-cookies. The GDPR is not really about cookies, but about protecting your personal data. You're allowed to set cookies! But if you're processing personal data (such as non-anonymous analytics), you do have to ask permission.
What bothers me the most is the consent modal: I have to click the small blue text "cookie details" (vs the large green "Accept and proceed"), and then click the gray "Decline cookies" to not have my personal data processed and shared.
Why not give visitors 2 options equally?
- "Please use (and share) my personal data to improve this (and other) sites", and
- "No thanks, I'm just browsing"
If you offer those 2 options (and don't try to hide the "no thanks" behind an extra click and a hidden link), I would seriously reconsider consenting. As a sidenote: I would be even more likely to consent if it's not the first thing you force on me. Visiting a press release with a fresh session cookie? Or landing directly on a datasheet from a google search? Why even bother with non-anonymous analytics and ask me for consent? But if I'm clicking through and visiting other pages? Sure, ask to track me. My personal default is to decline, but if you can show mutual benefits I'm way more likely to consent.
As for the comments on the EU website I linked to: I agree. The wording is not clear as to what I'm accepting. As far as I understand:
- "visitor preferences" and "operational cookies" are required
- analytics cookies can be declined (even though they are already anonymous)
- third party cookies are handled separately, when viewing third party content
Following my own advice, I will contact the European Union DPO, and ask them to clarify the consent popup.
This should really be an import addendum to my previous post!: the first step is to contact the site's DPO, and only escalate to your nation's data protection agency when this approach fails.
Thank you again rgetz for taking the time to respond, and for raising this issue internally. It looks like wording of the privacy policy was already changed. I hope the consent popup can also be improved. Your response and the quick update of the privacy policy has greatly improved my opinion of Analog Devices.