[Escapado]

Is that how it works? I thought as long as the user gives explicit consent to that happening it's fine. Most checkouts I have seen have a checkbox you need to check before being redirected to stripe/paypal and the likes which asks for explicit consent to the privacy policy rules.

[jon-wood]

It's not even slightly how it works, and your interpretation is correct, so long as the customer has consented then you're fine. The issue with Google Fonts and Analytics is that the customer has very rarely consented to tracking (particularly with fonts), and in a great many cases even where there is a "I consent to tracking cookies" dialog the cookies were dropped before it was displayed.

[that_guy_iain]

With Google Font decisions have been about consent. With Google Analytics it's been about the transfer of data to a US org when a US court can issue a FISA letter. Basically, a privacy lawyer from the Netherlands has been hammering Google in court repeatedly.

[smeagull]

Sick of those stupid dialogs.

[latexr]

I find them to be good indicators of how bad a website/service is. The harder it is to dismiss the dialog while rejecting everything, the worse the service tends to be in other metrics. I think of those dialogs as big bright banners which advertise loud and clear how disrespectful a website is of its users. Noticing the pattern means I waste considerably less time on websites which aren’t worth it.

[parminya]

Me too, I wish the companies would obey the law without putting in the consent banner. It's not like there's any law obliging them to put in the consent banners. They freely chose to piss us all off even though they had the alternative of behaving like perfectly profitable pre-internet businesses and ... not tracking us.

[kzrdude]

Yes, I can't believe we've created a system where those are the norm. But we also have real world cities plastered with billboards, so it's not like everything is clean, perfect and rational in our worlds.

[jeroenhd]

You and me both, I wish websites would stop being so full of tracking crap so these stupid popups can finally disappear.

[iso1631]

Sick of sites tracking me

[TekMol]

The issue is not related to consent but to "safeguards".

GDPR requires that user data is guarded in certain ways, and European courts have ruled that no data can be sufficiently safeguarded if it is under control of a US company.

Google "analytics gdpr safeguards" or see here for example:

https://piwik.pro/blog/is-google-analytics-gdpr-compliant/

Especially the section "Does collecting visitors’ consent solve compliance issues with Google Analytics?".

[that_guy_iain]

The issue is, giving a US org data is considered a transfer of data to that the US since a US court can force a US org to turn over the data no matter where in the world it is located. US data laws are not compliant with GDPR. It's basically just down to the spy laws they have, for FISA letters I believe, without those they would be fine.