by latexr 964 days ago
> Will not probably even lead to company fines, nor the disappearance of the illegal dark patterns.

NOYB’s intervention has led to fines and I’ve been seeing way more banners have a “Reject All” at the top level. I remember noticing that at the same time NOYB posted about it. Unfortunately I don’t remember any useful keyword to search their website and post the source.

Though I’m not disagreeing with you. I have no doubt the dark patterns will continue and these companies will be as vampiric as they can get away with.

My strategy is to use that as a useful signal: the more a company or website bends over backwards to try to get me to accept data collection, the more I know I can’t trust them and will simply leave.

1 comments

Do you have a reference for the fines? Can't find much on the enforcement tracker [1], but seeing if the decision is about a nag or not is not easy to see quickly, so I may have missed them. NOYB also gave them a "grace period" before filing complaints, so I don't know how many complaints they actually made.

A lot of the nags have indeed gotten less illegal lately. Although I have very little faith that even clicking Reject All really prevents tracking and selling me out. There are still those "legitimate interests" etc. loopholes. And probably no regulator actually checks that the Reject is honored at all. Nowadays I don't even care. Used to go private mode for those but don't bother anymore. Hopefully at least my aggressive ad blocking makes spying on me mostly worthless to them.

Implementation of the GDPR consent was broken from the get-go (likely due to corruption). The spirit of the law is clearly that people shouldn't be tracked if they don't want it. Vast majority don't want to be tracked but vast majority are tracked.

If EU would have actually wanted this to work it would have been something like DNT. Also the promised megafines have not materialized (and will not) and the (widespread and blatant) violations are at best just cost of doing business.

But making an actually effective implementation would have closed many revolving doors and fancy dinners.

Sorry for being so negative on this but I think entertaining hopes for such a fundamentally broken system may prevent less broken ones from arising.

[1] https://www.enforcementtracker.com/ (going through the cases also shows that the DPAs are mostly fiddling with small fish who don't have the corruption power and/or lawyer army)

For Spotify and Tele2 at least these are cost-of-doing business fines. The GDPR can fine up to 4% of revenue. Spotify's revenue is about €17 billion, so the fine is about 0.03%. For Tele2 the fine amounts to 0.05%.

Grindr did get almost 3%, so that would be at the megafines level. Wonder how much they gained by selling the data though.

In comparison, I'd get easily fined over 3% of my yearly wage for shoplifting here in Finland. And of course would lose whatever I lifted. For Grindr-level privacy crimes I'd probably get a prison sentence. If you want to break the law, better make it for shareholder profit.