The issue with society or one of them, is thinking its acceptable for a corporation breaking law to feel spite, the guy was not talking to a person, was talking to a shitty corp breaking law
There is a suggestion that some data sent is in violation with the GDPR. There is no specifics about what it would be that is in violation however. I think 90% of sites with cookie banners are blatantly violating the GDPR - but whether I'm correct in that assessment is anyones guess. It would depend on court processes that hasn't happened yet. It's based on my understanding and interpretation of the regulation, nothing else. I guess it's the same with the complaint here. If there is a question of a violation then it's probably due to microsoft and the commenter having different interpretations about specific data such as hashed mac addresses (Which certainly isn't clear cut).
Are there any concluded legal processes that are concerning
1) the form of consent banners
2) consent vs legitimate interest for ip transmission as part of http request headers
3) whether ads are a legitimate interest for web sites?
Those seem to me to be the 3 “big questions” of the GDPR. The regulation and most legal processes however seem to focus more on large scale data storage cases, failure to answer user requests etc. And those are important from a privacy standpoint but from a technical standpoint to software developers the 3 above seem much more interesting, yet mostly ignored by courts? I get a feeling they don’t want to touch it because they are a can of worms
2) Consent vs legitimate interest is not for data but for data processing purposes. A company, say Paypal, may have a legitimate interest to process (and, therefore, collect) your IP address in fraud detection systems. If you don't give consent, fraud prevention dept cannot share your IP address with the marketing dept (and would have to erase it once it's no longer used by the fraud detection system). Which is why you get pestered with more consent requests than needed. Consent also has to be freely given: https://edpb.europa.eu/news/national-news/2019/facial-recogn... + https://noyb.eu/en/pay-or-okay-tech-news-site-heisede-illega...
3) Ads are not personal data (data that came from you and/or data related to you, not necessarily PII). GDPR is only about careful handling of all personal data. It does not prevent a company from showing you ads. But GDPR does prevent tracking to show targeted ads: https://noyb.eu/en/norway-temporary-ban-behavioral-ads-faceb...
The complaint should come from some authority or a legal backing. The poster assumes that they are breaking GDPR and seeking explanation with some shit talk to make it sound legalese.
Companies as a policy and by logic don't reply to such comments/post because the response becomes a legal document. So any expectation of answer is futile.
