[jampekka]

Very unlikely this will cause anybody to be fired. Will not probably even lead to company fines, nor the disappearance of the illegal dark patterns. E.g. a lot of sites used the IAB nag that was found illegal by the regulators. But IIUC only IAB had to pay a small fine and I'm quite sure nobody got fired for it because it was the "industry standard".

NOYB is fighting the good fight, and without it GDPR would be even more useless. But it's a losing battle, and NYOB itself is sort of admitting that. https://noyb.eu/en/statement-4-years-gdpr

GDPR is in theory a good law (although things like mandatory honoring of do-not-track headers should have been obviously included). But it's not being enforced almost at all probably due to regulatory agencies and EU being corrupt AF.

Having a lot of money, lobbyists and lawyers makes you immune to the law.

[latexr]

> Will not probably even lead to company fines, nor the disappearance of the illegal dark patterns.

NOYB’s intervention has lead to fines and I’ve been seeing way more banners have a “Reject All” at the top level. I remember noticing that at the same time NOYB posted about it. Unfortunately I don’t remember any useful keyword to search their website and post the source.

Though I’m not disagreeing with you. I have no doubt the dark patterns will continue and these companies will be as vampiric as they can get away with.

My strategy is to use that as a useful signal: the more a company or website bends over backwards to try to get me to accept data collection, the more I know I can’t trust them and will simply leave.

[jampekka]

Do you have a reference for the fines? Can't find much on the enforcement tracker [1], but seeing if the decision is about a nag or not is not easy to see quickly, so I may have missed them. NOYB also gave them a "grace period" before filing complaints, so I don't know how many complaints they actually made.

A lot of the nags have indeed gotten less illegal lately. Although I have very little faith in that even clicking Reject All really prevents tracking and selling me out. There are still those "legitimate interests" etc loopholes. And probably no regulator actually checks that the Reject is honored at all. Nowadays I don't even care. Used to go private mode for those but don't bother anymore. Hopefully at least my aggressive ad blocking makes spying on me mostly worthless on them.

Implementation of the GDPR consent was broken from the getgo (likely due to corruption). The spirit of the law is clearly that people shouldn't be tracked if they don't want it. Vast majority don't want to be tracked but vast majority are tracked.

If EU would have actually wanted this to work it would have been something like DNT. Also the promised megafines have not (and will not be) materialized and the (widespread and blantant) violations are at best just cost of doing business.

But making an actually effective implementation would have closed many revolving doors and fancy dinners.

Sorry for being so negative on this but I think entertaining hopes for such a fundamentally broken system may prevent less broken ones from arising.

https://www.enforcementtracker.com/ (going through the cases also shows that the DPAs are mostly fiddling with small fish who don't have the corruption power and/or lawyer army)

[latexr]

> Do you have a reference for the fines?

> (…)

> Also the promised megafines have not (and will not be) materialized

https://noyb.eu/en/spotify-fined-eu-5-million-gdpr-violation

https://noyb.eu/en/noyb-win-first-major-fine-eu-1-million-us...

https://noyb.eu/en/eu-58-million-fine-grindr-confirmed

[jampekka]

For Spotify and Tele2 at least these are cost-of-doing business fines. The GDPR can fine up to 4% of revenue. Spotify's revenue is about €17 billion, so the fine is about 0.03%. For Tele2 the fine amounts to 0.05%.

Grindr did get almost 3%, so that would be at the megafines level. Wonder how much they gained by selling the data though.

In comparison, I'd get easily fined over 3% of my yearly wage for shoplifting here in Finland. And of course would lose whatever I lifted. For Grindr-level privacy crimes I'd probably get a prison sentence. If you want to break the law, better make it for shareholder profit.

[Zanfa]

> NOYB is fighting the good fight, and without it GDPR would be even more useless. But it's a losing battle, and NYOB itself is sort of admitting that. https://noyb.eu/en/statement-4-years-gdpr

I'm not sure how much of this is attributable to NOYB, but over the last year or two, years there's been a significant uptick in the number of "Reject All" buttons showing up and I have a hard time believing companies are putting those there out of goodwill.

> GDPR is in theory a good law (although things like mandatory honoring of do-not-track headers should have been obviously included). But it's not being enforced almost at all probably due to regulatory agencies and EU being corrupt AF.

Agree with the missed opportunity of DNT headers being included in the law, but enforcing EU rules is always tricky. At the end of the day, it's 27 different countries, each with conflicting interests. With GDPR in particular, I believe one of the issues is that it's enforced in the country of incorporation, so another country can hold up the enforcement process if their data protection agency is slow, no matter whether due to corruption or incompetence.

[jampekka]

When it comes to things that (big) business doesn't like - e.g. GDPR, tax evasion, antitrust, consumer rights, rule of law - enforcement is somehow always so so difficult. And when it comes to stuff like enforcing copyrights, patents, trade agreements and forced privatizations the enforcement works fine and dandy. GDPR enforcement was designed like it is and it was well known that it will be like this.

My take is that the corruption is not only a national matter, like europhiliacs and the EU's huge PR-propaganda machinery like to explain it. EU was set up as an antidemocratic organization for business interests and seems to remain so. The endless lobbying billions work.

[latexr]

> I'm not sure how much of this is attributable to NOYB, but over the last year or two, years there's been a significant uptick in the number of "Reject All" buttons

They filled over 500 complaints for that alone.

https://noyb.eu/en/noyb-aims-end-cookie-banner-terror-and-is...

[jampekka]

> Nevertheless, noyb will give companies a one-month grace period to comply with EU laws before filing the formal complaint.

They sent draft complaints to the companies. Not sure how many they sent to authorities. But nevertheless it may have had an effect.