Very unlikely this will cause anybody to be fired. Will not probably even lead to company fines, nor the disappearance of the illegal dark patterns. E.g. a lot of sites used the IAB nag that was found illegal by the regulators. But IIUC only IAB had to pay a small fine and I'm quite sure nobody got fired for it because it was the "industry standard".
NOYB is fighting the good fight, and without it GDPR would be even more useless. But it's a losing battle, and NYOB itself is sort of admitting that. https://noyb.eu/en/statement-4-years-gdpr
GDPR is in theory a good law (although things like mandatory honoring of do-not-track headers should have been obviously included). But it's not being enforced almost at all probably due to regulatory agencies and EU being corrupt AF.
Having a lot of money, lobbyists and lawyers makes you immune to the law.
> Will not probably even lead to company fines, nor the disappearance of the illegal dark patterns.
NOYB’s intervention has lead to fines and I’ve been seeing way more banners have a “Reject All” at the top level. I remember noticing that at the same time NOYB posted about it. Unfortunately I don’t remember any useful keyword to search their website and post the source.
Though I’m not disagreeing with you. I have no doubt the dark patterns will continue and these companies will be as vampiric as they can get away with.
My strategy is to use that as a useful signal: the more a company or website bends over backwards to try to get me to accept data collection, the more I know I can’t trust them and will simply leave.
Do you have a reference for the fines? Can't find much on the enforcement tracker [1], but seeing if the decision is about a nag or not is not easy to see quickly, so I may have missed them. NOYB also gave them a "grace period" before filing complaints, so I don't know how many complaints they actually made.
A lot of the nags have indeed gotten less illegal lately. Although I have very little faith in that even clicking Reject All really prevents tracking and selling me out. There are still those "legitimate interests" etc loopholes. And probably no regulator actually checks that the Reject is honored at all. Nowadays I don't even care. Used to go private mode for those but don't bother anymore. Hopefully at least my aggressive ad blocking makes spying on me mostly worthless on them.
Implementation of the GDPR consent was broken from the getgo (likely due to corruption). The spirit of the law is clearly that people shouldn't be tracked if they don't want it. Vast majority don't want to be tracked but vast majority are tracked.
If EU would have actually wanted this to work it would have been something like DNT. Also the promised megafines have not (and will not be) materialized and the (widespread and blantant) violations are at best just cost of doing business.
But making an actually effective implementation would have closed many revolving doors and fancy dinners.
Sorry for being so negative on this but I think entertaining hopes for such a fundamentally broken system may prevent less broken ones from arising.
https://www.enforcementtracker.com/ (going through the cases also shows that the DPAs are mostly fiddling with small fish who don't have the corruption power and/or lawyer army)
> NOYB is fighting the good fight, and without it GDPR would be even more useless. But it's a losing battle, and NYOB itself is sort of admitting that. https://noyb.eu/en/statement-4-years-gdpr
I'm not sure how much of this is attributable to NOYB, but over the last year or two, years there's been a significant uptick in the number of "Reject All" buttons showing up and I have a hard time believing companies are putting those there out of goodwill.
> GDPR is in theory a good law (although things like mandatory honoring of do-not-track headers should have been obviously included). But it's not being enforced almost at all probably due to regulatory agencies and EU being corrupt AF.
Agree with the missed opportunity of DNT headers being included in the law, but enforcing EU rules is always tricky. At the end of the day, it's 27 different countries, each with conflicting interests. With GDPR in particular, I believe one of the issues is that it's enforced in the country of incorporation, so another country can hold up the enforcement process if their data protection agency is slow, no matter whether due to corruption or incompetence.
When it comes to things that (big) business doesn't like - e.g. GDPR, tax evasion, antitrust, consumer rights, rule of law - enforcement is somehow always so so difficult. And when it comes to stuff like enforcing copyrights, patents, trade agreements and forced privatizations the enforcement works fine and dandy. GDPR enforcement was designed like it is and it was well known that it will be like this.
My take is that the corruption is not only a national matter, like europhiliacs and the EU's huge PR-propaganda machinery like to explain it. EU was set up as an antidemocratic organization for business interests and seems to remain so. The endless lobbying billions work.
> I'm not sure how much of this is attributable to NOYB, but over the last year or two, years there's been a significant uptick in the number of "Reject All" buttons
I recall a friend of mine worked support for some sass meeting software (oncehub-like) and got an email from a non-technical user asking if the booking invite page is missing a cookie notice.
He had to explain that they re-engineered the page a while back to not collect any data besides what the person puts into the form (the page explains that collection, but inline) so they wouldn't need one. Don't know if it was an aesthetic choice or if they AB tested it.
IANAl, but this would still be compliant if they use legitimate interest as a justification. In that case the user just needs to be informed and have the opinion to object via separate means.
Yeah, companies tend to be over-careful. They trust the legal department knows what they're talking about but in this case they don't, but the company decides to listen to them anyway. Especially if the legal department is a part of a US company, thinking they adhere to some EU regulation they can't seem to quite understand fully.