Hacker News new | past | comments | ask | show | jobs | submit login

IANAL, but it is my understanding that those arcane menus are actually breaking the law (with respect to GDPR in the EU, at least). The default position should always be "No", and combined with that the "exit route" for anyone that opted-in should also be really, really easy. Like single-click easy. But business gonna business and bend the rules, I guess.

Pretty much none of those dialogs are compliant. https://twitter.com/random_walker/status/1187391482401038336

> But business gonna business and bend the rules, I guess.

Until some lawsuits will happen and the EU has been more than happy to collect fines.

The reason a majority of websites doesn't comply is because data protection agencies are doing fuck all and there has been no enforcement of the regulations. It doesn't help that reporting non-compliant websites is a pain, at least in the UK. It's as if they're not actually interested in collecting all that "free" money from the fines.

http://enforcementtracker.com/ may be of interest to you.

That's an interesting list, but almost none of the fines on it have anything to do with cookies or pre-checked forms. It's more like this gem:

"The fine was imposed on a soccer coach who had secretly filmed female players while they were naked in the shower cubicle for years."

I think the previous poster's point stands: GDPR enforcement is doing almost nothing about improper cookies and internet tracking.

> data protection agencies are doing fuck all

Why do you say this? At least ours is just swamped, so it'll take a while. Plus big cases take up a lot of resources. But there have been GDPR fines issued, and many many more warnings that might lead to fines if the company doesn't comply.

Being swamped shouldn't prevent them from at least starting somewhere, and Google and Facebook are violating it so badly it should be a very easy case... yet none of the data protection agencies dare to go anywhere near it (there have been cases against but they seemed to hinge on minor violations as opposed to the elephant in the room).

Plus, the swamping problem will stop because the first high-profile case will scare everyone else into compliance.

> Google and Facebook are violating it so badly it should be a very easy case...

Not really, because Google and Facebook will also fight any accusation tooth and nail in the courts and through lobbying. The case must be very well documented and defended.

I'm not saying you're wrong, but it's too early to tell.

I’ve been a lawyer practicing in this area since the mid-90s. Nothing meaningful has changed since then. They pass laws and regs, consultants and lawyers get rich by scaring their clients about upcoming rule changes, and the regulators hand out completely ineffectual slaps on the wrist while the big players openly violate the rules.

The laws have grown muddy due to lack of enforcement. The notion that there is such a thing as opting in creates a huge gray area, and that has made law enforcement hesitant to open any cases as they are likely to take a lot of time, and probably won't lead to any big victories.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact