Hacker News new | ask | show | jobs
by digitalPhonix 285 days ago
> It has done literally nothing to improve anything whatsoever, in any country

That’s because of malicious compliance from all the websites/advertisers. I guess that is partly the lawmakers’ fault for not pre-empting that; but much larger blame lies on the industry that refuses to grant user privacy.

As an example for a site that followed the intent of the law instead: https://github.blog/news-insights/company-news/updates-to-ou...

Github removed excess tracking so they didn’t need to show a cookie banner and that’s what GDPR’s intent was.
2 comments
CamouflagedKiwi 285 days ago
Blaming the industry for it doesn't change the reality that the law has done very little to improve the thing it was aimed at and made the internet worse for users (and developers) with all the banners. By any objective measure its outcomes are terrible - lawmakers should do better than just throwing out things like that.
link
digitalPhonix 285 days ago
> By any objective measure

Number of sites using google analytics on my browsing session with my consent has gone down

link
omnimus 285 days ago
Very little? The norm used be to slap google analytics on everything. Suddenly everybody thinks about compliance — especially those who didn't even have idea there was something wrong.

Many sites ditched tracking altogether so they don't have to have banners. Everybody is aware of GDPR so you can be pretty confident that when european site has no banner it doesn't track you.

Could the law be better? Sure I would love to ban tracking altogether. But this was lobbied to hell by AD companies. Everybody was kicking and screaming because they want all the data. And we still got something that helps. That is a win.

And you can see how industry hates it in way they implement the banners. It is annoying and confusing on purpose. You could comply in nice way but when you need to share the data with your 141 ad partners and each one gets their own checkbox… good luck.

Same reason nobody was respecting the dont track me flag. The industry is absolutely and exclusively to blame here.

link
odie5533 285 days ago
The law has wasted billions of hours of human life and productivity. Was it worth it?
link
kiicia 285 days ago
Law was created as response to advertisers invading privacy, are you arguing that unchecked invasion of your privacy is worth it? If anything unchecked invasion of privacy wasted all of those hours plus hours of work of lawmakers plus hours of work while implementing all that advertising in the first place…
link
troupo 285 days ago
Ads industry did that. Was it worth it?
link
poszlem 285 days ago
The ads industry isn’t in the business of making our lives easier. EU lawmakers are. Which is why it’s the EU that is failing in its mission here.
link
troupo 285 days ago
> The ads industry isn’t in the business of making our lives easier.

Indeed. So somehow you still end up blaming the EU.

link
kiicia 285 days ago
So you know who “bad guys” are and you still make strawman argument?
link
ChadNauseam 285 days ago
in what way is it malicious compliance? the law just requires you ask for consent. that’s exactly what companies do. some companies violate the law by asking for consent in a way that is misleading or incorporates dark patterns. but if the law says “you must ask for consent before you do X” and companies ask for consent before they do X, that is just compliance, not malicious compliance.

As an example of true malicious compliance, some companies intentionally add trace amounts of allergens to all their food, that way they can just claim that all their food contains allergens and not be at risk of being accused of improper labeling. but the intention of the law requiring accurate labeling was clearly not to get companies to add more allergens to their food. it requires a level of creativity to even think of complying like that. It requires zero creativity to think “this law requires user consent before tracking, so let’s ask for consent”.

link
digitalPhonix 285 days ago
Have you seen the 300 individual checkboxes you need to disable? Or the hoops that the advertising industry went through to claim that “Do-Not-Track” didn’t count for:

> In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02...

Article 4, Section 21.5

link
swiftcoder 285 days ago
The malicious compliance is more that they all refused to add the one-click opt-out until a high-profile enforcement against Google brought them to heel.
link
ChadNauseam 285 days ago
that’s just noncompliance. and the one-click opt-out still implies one click, which implies the cookie banners
link
Cthulhu_ 285 days ago
The "malicious" compliance came from the trick that accepting / opting-in was fast and almost instant, but rejecting / opting-out was a slow and arduous process, and it required lawsuits and fines [0] for companies to comply.

I found a website that lists all fines handed out for violating the GDPR: [1]

[0] Google fined €325 million by French CNIL for placing cookies without consent https://www.cnil.fr/en/cookies-and-advertisements-inserted-b...

[1] https://www.dsgvo-portal.de/gdpr-fines/gdpr-fine-against-goo...

link