|
|
|
|
|
|
by illiarian
1156 days ago
|
|
|
GDPR. Does not. Mandate. Browser. Or website. Cookies. Banners. Or UIs. In it's simplest form it says: if you want to collect more data than is required, you have to ask users for consent. This applies in equal measure to sites, banks, grocery stores, shopping malls, shit processing plants, nuclear reactors etc. |
|
|
But there is a need for clarification here for the most often encountered consent case: web sites.
Basically the regulation could say: you must have consent to collect data, but you must ALSO observe specific standardized method X of of blanket disallowing all consent in specific contexts. For example, "if do-not-track is used in a web browser, then the user should not be shown a consent dialog but instead provided the service as if they had rejected the consent dialog".
I realize that regulators (for good reason!) are very reluctant to specify specific technologies. It's not their home turf, and it's likely to be quickly outdated. But I'm ready to accept that this would be a time when there is a good reason to make an exception to that rule.