| ▲ | cocoto 9 hours ago |
| Simply enable the “cookie notices” list in ublock origin (available on every platform now, even iOS). According to the EU law if you don’t click accept it’s equivalent to denying. |
|
| ▲ | Fraaaank 8 hours ago | parent | next [-] |
| > According to the EU law if you don’t click accept it’s equivalent to denying. The result is the same. Technically there's no such thing as denying, only providing (explicit) consent. If consent is required and no consent is provided, then there is no ground for processing. |
| |
| ▲ | Rygian 7 hours ago | parent | next [-] | | How do you object to the site's legitimate interest use of your personal data? That is a legal grounds for processing, which can be enabled by default as long as you are provided with an option to actively object. https://noyb.eu/en/your-right-object-article-21 | | |
| ▲ | psychoslave 7 hours ago | parent | next [-] | | >How do you object to the site's legitimate interest use of your personal data? With the legitimate individual control over one own data required to run a healthy society and unavoidable to sustain a democracy. If a business can't exist without threatening society, the sooner it's going out of existence the better. | |
| ▲ | upofadown 7 hours ago | parent | prev | next [-] | | If it is an actual legitimate interest then you would likely be expected to contact the site out of band to object to the use of your data. Depending on the technical details you might not be able to continue using the site after a successful objection. In some cases the site might be able to reject your request. The cookie banner thing is intended to allow the user to explicitly provide consent, should they for some reason wish to do so. | |
| ▲ | kuschku 7 hours ago | parent | prev [-] | | Legitimate interest is defined as that usage that is absolutely technically necessary. Which is why you cannot object to legitimate interest. Legitimate interest is for example a website using your IP to send you the necessary TCP/IP packets with the website's content upon request. Many websites use the term "legitimate interest" misleadingly (or even fraudulently), but that's not how GDPR defines it. | | |
| ▲ | prox 6 hours ago | parent | next [-] | | It’s also to check if something works. I recently added something new and while I cannot and will not track any personally identifying information, I still need some data if people go through the whole process alright. That covers legitimate interest. It’s the minimum data I collect and its get wiped after some time. | |
| ▲ | rglullis 6 hours ago | parent | prev [-] | | An IP address is not "personally identifiable data". You can not know who the person is just because you got an IP address in the request. We are almost 10 years into the GDPR, and we still have these gross misunderstandings about how to interpret it. Meanwhile, it has done nothing to stop companies from tracking people and for AI scrapers to run around. If this is not a perfect example of Regulatory Capture in action, I don't know what is. | | |
| ▲ | Nextgrid 6 hours ago | parent | next [-] | | The lack of enforcement is consistent across all companies big and small so I don’t think it counts as regulatory capture. | | |
| ▲ | kuschku 6 hours ago | parent [-] | | Tbh, Google and Facebook, after several enforcement actions, now provide a simple "Reject All" button, while most smaller websites don't. I'd argue that's the opposite of regulatory capture. | | |
| ▲ | rglullis 6 hours ago | parent | next [-] | | Yeap, but the thing is: - they don't care about the cookies they are setting on their properties, if most of the functionality they have require you to be authenticated anyway. - These "smaller websites" are exactly the ones more likely than not to be Google's and Facebook's largest source of data, because these sites are the ones using Google Analytics/Meta Pixel/etc. | |
| ▲ | Fargren 6 hours ago | parent | prev | next [-] | | This is not my experience at all with Facebook. Since six months ago or so, Facebook is saying my three option are to pay them a subscription, accept tracking, or not use their products. I went with option three, but my reading of the GDPR as that it's illegal for them to ask me to make this choice. I'm in Spain, this is probably not the same worldwide. | |
| ▲ | Nextgrid 5 hours ago | parent | prev [-] | | The "Reject all" does not in fact reject all. They are taking extreme liberties with the "legitimate interest" clause to effectively do all tracking and analytics under it. The YouTube consent screen for example includes this as a mandatory item: > Measure audience engagement and site statistics to understand how our services are used and enhance the quality of those services I don't believe this complies with the GDPR to have this mandatory. |
|
| |
| ▲ | youngtaff 4 hours ago | parent | prev | next [-] | | IP address is considered personal data and can be considered personally identifiable data in some circumstances for example if you can geolocate someone to a small area using it | |
| ▲ | close04 6 hours ago | parent | prev [-] | | > An IP address is not "personally identifiable data". GDPR says it is [1][2]. > We are almost 10 years into the GDPR, and we still have these gross misunderstandings Because people would rather smugly and confidently post about their gross misunderstandings. If only there was some place to read about this and learn. I’ll give you the money shot to save 10 more years: > Fortunately, the GDPR provides several examples in Recital 30 that include: > Internet protocol (IP) addresses; From Recital 30: > Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses [1] https://gdpr.eu/eu-gdpr-personal-data/ [2] https://gdpr.eu/recital-30-online-identifiers-for-profiling-... | | |
| ▲ | rglullis 6 hours ago | parent [-] | | When an IP address is linked to any other data, then it counts as PII. By itself, it's not. So, sure, if you stick the user's IP address on a cookie from a third-party service, you are sharing PII. But this is absolutely not the same as saying "you need to claim legimate interest to serve anything, because you will need their IP address". | | |
| ▲ | kuschku 5 hours ago | parent | next [-] | | An IP address linked with the website being accessed is already PII. When serving content, you're by necessity linking it to a website that's being accessed. For example, if grindr.com had a display in their offices that showed the IP address of the request that's currently being handled, that's not saving or publishing or linking the data, but it's still obvious PII. | | |
| ▲ | rglullis 5 hours ago | parent [-] | | > a display in their offices that showed the IP address (...) that's not saving or publishing You are not sharing with a third-party, but that sure falls into processing and publishing it. |
| |
| ▲ | close04 5 hours ago | parent | prev [-] | | IPs are PII even before you inevitably link them to something in your logs. If you can make a case that you absolutely don’t store them anywhere, they’re just transiently handled by your network card, maybe you get away with it but only because someone else along the stream covers this for you (your hosting provider, your ISP, etc.) Source: I have been cursed to work on too many Data Protection Impact Assessments, and Records of Processing Activities together with actual lawyers. | | |
| ▲ | rglullis 4 hours ago | parent [-] | | Basically we are in agreement: IP addresses, by themselves, are not PII, only when they are linked to other information (a cookie, a request log) then it consitutes processing. So, apologies if I was not precise on my comment, but I still stand by the idea: you don't need to a consent screen that says "we collect your IP address", if that's all you do. |
|
|
|
|
|
| |
| ▲ | atoav 7 hours ago | parent | prev [-] | | Also: the consent has to be informed consent. Me clicking away a nag banner, even if I click "accept" isn't informed consent by the definition of the law. You want to share my data with your 300+ "partners" legally? Good luck informing me about all the ways in which every of those single partners is using my data. If you are unable to inform me I can't give consent, even if I click "Accept all". That is however a you-problem, not a me-problem. If you share my data nontheless you are breaking the law. | | |
| ▲ | JCattheATM 3 hours ago | parent | next [-] | | A lot of the notices provide exactly the info you need to be informed, it's on you if you want to read it or not. | |
| ▲ | neodymiumphish 4 hours ago | parent | prev [-] | | Undoing whatever data collection and sharing, as well as seeking and obtaining restitution, is probably a much harder problem to solve (for you) if you select accept. |
|
|
|
| ▲ | geor9e an hour ago | parent | prev | next [-] |
| But I don't want to auto deny. I want my shopping carts to work. I want websites to save my login and preferences. I just don't want the pop-ups. So this extension is great. |
| |
| ▲ | cccbbbaaa 38 minutes ago | parent [-] | | Login, preferences, or shopping cart cookies (aka “functional cookies”) do not need consent. I never saw a banner that allowed me to disable them. |
|
|
| ▲ | gempir 8 hours ago | parent | prev | next [-] |
| Breaks many websites though and you'll be wondering why something doesn't work and then you have to remember you checked that ublock checkbox a few months ago. |
| |
| ▲ | benjojo12 8 hours ago | parent | next [-] | | I think in the last 12 months of using that unlock list I've only counted less than five times where sites have broken with that list enabled, I don't have to even disable the entire list. You just disable u-block for that specific site | | |
| ▲ | lol768 7 hours ago | parent | next [-] | | I've found it to happen much more frequently than that, unfortunately. Usually it's because the modal is two DOM elements - a backdrop, that fades out the rest of the content and sits on top of it/prevents interaction; and the actual consent modal. Websites then use various mechanisms to prevent scrolling. uBlock is often only removing the actual dialog, so you end up with a page you can't scroll up or down and can't interact with. If you're going to turn the filters on, it's worth being aware of this because it's far from flawless. | |
| ▲ | thevinchi 7 hours ago | parent | prev [-] | | Until this moment, I did the same thing… but right now I realize, this behavior incentivizes a domain owner to intentionally break their site, to trick the visitor to disable their blocker. Then the browser: refreshes the page, downloadz all the thingz… presents cookie banner. I’ve been using uBlock (or Brave) for years now, and when “something doesn’t work right” the first thing I often do is lower my shields… :facepalm: From now on, I’ll just bounce. Keep your cookies, I’m not hungry. |
| |
| ▲ | guenthert 7 hours ago | parent | prev | next [-] | | Complain and use a different site. There are only few websites which offer a truly unique service. If enough complain and walk away, something might finally change. | |
| ▲ | nextlevelwizard 6 hours ago | parent | prev | next [-] | | If a website gets broken by this it isn’t a site worth visiting | |
| ▲ | worble 7 hours ago | parent | prev | next [-] | | I've never seen a website break from this, got any examples? | | |
| ▲ | linker3000 5 hours ago | parent [-] | | LinkedIn - it takes you to the allow/deny page but doesn't automate things. It used to be that the LinkedIn login would get stuck in a cycle around this, but now it just dumps you on to the consent page. | | |
| |
| ▲ | Dilettante_ 7 hours ago | parent | prev [-] | | Thanks for the warning, I'd turned on those lists when I read the parent comment and would not have had a good time troubleshooting that. |
|
|
| ▲ | bcye 8 hours ago | parent | prev [-] |
| This extension gives you more choice than denying or allowing everything though, you get granular choice automatically applied to all websites where it works |
| |
| ▲ | cocoto 6 hours ago | parent [-] | | I think most people don’t want to give consent to any of this so a simple block list is enough. | | |
| ▲ | bcye an hour ago | parent [-] | | Well it does change if you have more of a choice than reject all or allow all (without needing to go into complicated settings each time). Telemetry is not that unpopular - I'd like devs to fix bugs I encounter. |
|
|
