"At a cookie wall, website visitors have no real or free choice. It is true that they can refuse tracking cookies, but that is not possible without adverse consequences. Because refusing tracking cookies means that they cannot access the website. That is why cookie walls are prohibited under the AVG."
I find this fascinating. Is there really not a free choice to simply leave the website? A paywall is surely legal. But it is illegal for me to "pay" using something other than money.
Am I allowed to offer users additional functionality in exchange for access to their data?
The warnings accomplish nothing. It's just another nag screen. It was a bad idea when it was thought up and it still is today. It's an attempt to seal a wound (misuse of personal data) with a piece of string. It wasn't even a half decent band-aid.
> Consent is presumed not to be freely given if it does not allow separate consent to be given to different personal data processing operations despite it being appropriate in the individual case, or if the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance.
In other words, people aren't allowed to sell their data in exchange for services. I suppose the argument is that people are really bad at valuing their own data. They don't know how it can be combined with other datasets and how it might be resold and repackaged and never go away. There are other things people can't legally sell, such as organs, votes and sex, so it's not an entirely brand new idea.
Consumer protection laws regularly put limits on the freedom of contracts between companies and consumers. A rental car agency can’t give you a rebate for renting an unsafe car.
The fact that no money changes hands doesn’t change this. If you’re offering free taster portions of bread to passer-bys, you can not use lead as an ingredient. Neither being free, nor putting up a sign with the list of ingredients will change that.
GDPR is terribly vague and creates a barrier-to-entry. Draconian measures may hurt large companies, but they threaten smaller ones.
EU is saying they don't like Silicon Valley behemoths' power but they want valley-like companies in the EU (sometimes even calling for a 'European Google', as if you could just pass a rule to make that happen). And then they create laws that make it easy for the large players and harder for their competition.
Everyone here spent a great deal of money for some compliance boo-hoo. FAANG has your consent and upgrades their policy, done.
To me, this seems like ineffective and incompetent lawmaking, no matter if the intentions were sound.
If you had you would know that the regulation isn't there to nail companies from other regions. Anyone doing business with Europeans is subject to the same rules of the game, and that naturally also includes European businesses.
These cookie notices are also almost invariably violating the GDPR. There must be a clear choice, and if you choose not to be tracked, you must be able to still use the service unimpeded; then there must be a clear and understandable description to the intents of data collection; and lastly, the opt-out choice must be accessible equally simply as the opt-in choice (none of this "Accept" vs. "Manage options" bullshit.) For example, one of the very few larger pages where I've seen it done right is Wikia/Fandom.
> Am I allowed to offer users additional functionality in exchange for access to their data?
In a way, yes, but you're phrasing it in a roundabout way. You can ask for personal data to enable additional functionality that requires that data. For example, you're allowed to ask for location if you want to show them some offers nearby. They are allowed to refuse and in that case they cannot use the particular function that's tied to their realtime location. If they've given permission to use their data, you, however, are not allowed to use that location data for any other purpose other than what they explicitly agreed to and what's actually needed to provide the service. I.e. you can ask for the location to provide a location based service but you don't need their age and income data; also you cannot use their location for other purposes they aren't informed about. And you certainly aren't allowed to sell it to someone else without an express permission.
In short - you need a clear and explicit permission for specific purposes, and you cannot deny access to those parts of your service that don't require personal data.
So, what you're telling me is that GDPR actually limits my rights as a private citizens because that think I'm too stupid to make my own decisions? I guess I shouldn't be surprised.
Smaller sites don't have the resources to curate their own ads, that's why they use ad networks. If we are strict about this then this rule will eliminate small sites while tightening the grip of the big sites on the net, because they have the resources to adapt.
That's why you ask people. If enough people agree to paying for your content with their data, your site lives on.
If too many opt to not pay for your content with their data, your site dies unless it can find another way of making money, such as subscriptions.
Yes, it absolutely can mean that the giants will expand and lots of small sites that use ad networks will die.
Most people don't care and just choose the default option to get to the site. If opt out is the default and opt in requires a conscious decision then the majority of users won't opt in, because most users don't read the options, only clicks on the default option or the close popup X.
> Yes, it absolutely can mean that the giants will expand and lots of small sites that use ad networks will die.
And we already see the current situation where Facebook is dominant. If more small sites die and the big ones get even stronger then the situation will continue to deteriorate.
Targeted ads pay much more. Eliminating targeted ads can result in a revenue drop of 50% or more, effectively killing small sites which most of the time make not much more money from ads than what is needed for financing themselves.
People won't pay for many small sites separately, so until we have a viable alternative (e.g. automatic micropayments) eliminating targeted ads would effectively eliminate independent journalism as well (regular ads pay much less) and we'll only have sites financed by big corporations pushing their agendas.
I'm not a fan of targeted ads, but I rather have them if they allow independent publishers to operate, than having only new sites financed by big money.
This is just "the ends justify the means", because the consequences fall on the visitors, not the site owners, advertisers, or data brokers. It's a disgusting, predatory rationalization for offloading the damage while reaping the rewards.
Patreon on its own delivers hundreds of millions of dollars of funding a year. Web ads existed long before individualized tracking, and still are that way in pretty much every other medium (print, billboards, broadcast media, product placement, etc). Independent journalism existed in websites, blogs, pre-monetization youtube, etc as well. Heck, SV investment is available and all about spending money without any real revenue plans anyway. :-P Just this one very particular ad model needs to be ended for everybody, big and small, and the advertising market still has everything else covered. The "big money" sites also still need to monetize somehow (and much more voraciously), and wouldn't be allowed tracking ads, either.
If you can't make money without violating your audience, then you don't get to make money at it, and all scales should be held to the same account if it is genuinely considered an issue of rights.
It's not ideal that we need targeted ads for that, but currently there is no viable alternative and untargeted ads don't pay enough.