Google Faces Privacy Complaint for Tracking Users in EU (bloomberg.com) 12
Google faces a data-protection complaint from Austrian privacy activist Max Schrems amid concerns it unlawfully monitors users and passes on the "tracking ID" to advertisers. From a report: Schrems's campaign group Noyb on Wednesday filed a complaint with the Austrian data protection authority, accusing Google of tracking users of Android phones through a unique ID that "allows Google and countless third-parties to" monitor users. The European Union's strict data protection rules, in force since May 2018, require people's consent before being tracked, the group said in a statement. Data regulators have the powers to levy fines of as much as 4% of a company's global annual sales for serious violations. "Google does not collect valid 'opt-in' consent before generating the tracking ID, but seems to generate these IDs without user consent," according to the statement.
Google lagging behind (Score:1)
Meanwhile, in the U.S., we have the aptly named H.R. 6666 [congress.gov].
"Testing, Reaching, And Contacting Everyone (TRACE) Act"
Indeed.
Opt in for what? (Score:1)
Either Google offers opt-in as "agree or don't use our products" - in which case users will be virtually forced to opt in to do anything on the internet, as Google has managed to insert itself in pretty much everywhere, or they offer opt in as "let us track you pretty please, but go ahead if you don't want to", and who the hell wants to be tracked by Google given the choice anyway?
So I'm not sure what the point of opt-in is.
Re:Opt in for what? (Score:5, Informative)
they offer opt in as "let us track you pretty please, but go ahead if you don't want to", and who the hell wants to be tracked by Google given the choice anyway?
The law says that you must do this and there is no other option.
You can collect and process data for two reasons:
1. It is necessary to provide the service in question. For example - you have to know my home address to send me the item that I bought. You have to know my email address to send me invoices etc. You can only use this data for the purposes of providing the service and you cannot share it with anyone who does not have a "need to know".
2. The person has voluntarily allowed you to process the data. In this case you can use that data in the manner that the person has allowed you to.
Option 2 has to be entirely voluntary (that is, "opt-in or I won't do business with you" is not allowed) and opt-in. If you show a dialog box, the "no" option has to be selected by default and require deliberate user action to select "yes".
Re: (Score:2)
Exactly. If it is a service you need to pay for, the rules are a bit different, but for a free service, this is how it works. No coercing people into giving their info or accepting being tracked.
Re: (Score:2)
Either Google offers opt-in as "agree or don't use our products" -
That has just been found to be illegal in the EU. Consent needs to be given freely. Different rules may apply for a product you pay for, but a free service cannot legally keep people out that do not agree to being tracked.
This is the bad guy (Score:3)
Instead of forcing all websites to display annoying cookie warnings governments should stop third parties like ad providers from using cookies to track users.
Re: (Score:2)
That's actually what happened, it's just that web sites implemented it badly and are now having to fix it.
Just a warning that a site uses cookies is not enough. To use cookies for anything but essential site functionality requires explicit, freely given opt-in permission. You don't have to warn about functional cookies at all.
And third party cookies are out because you would need to agree to every one of them, every privacy policy individually. But fortunately technology has overtaken the law here and all t
Re: (Score:2)
"And third party cookies are out because you would need to agree to every one of them, every privacy policy individually. But fortunately technology has overtaken the law here and all the major browsers are moving to band 3rd party cookies entirely anyway."
Any product I look at on the web still follows me around wherever I go next. I don't know how that happens if not with 3rd party cookies...
Re: (Score:2)
IP address, canvas fingerprinting, first party cookies with IDs shared on the back end. There are lots of ways, unfortunately.
Re: (Score:2)
Makes sense, that's what we should start banning.