Neither of us is a winner here. This whole legislation sucks for everyone involved.
can track how many (unique) people use the site
We have to authenticate with a government ID in order to use those applications. So they have all the information to count unique users even without google tracking.
It’s more about how the people use the site, and which page and when and how, which devices, and how often etc. You would also want to track anyone before they sign in, and it’s also a way to identify issues/bugs and accessibility and identify outages/incidents and security issues without those being directly reported.
By “you win” I meant to say I’ve no idea why your local government would issue popups, which I guess means this isn’t just limited to American megacorps though, hence I retract that specific argument because of your counter example.
This whole legislation sucks for everyone involved.
No, it doesn’t, I’m still massively in support of it, what?
I absolutely stand by GDPR, even if you found one example of public entities that for some reason also use cookie popups instead of properly complying, even if they all did that, I would not for a moment wish it any other way, no public or private body of any kind has any right to any of my information for any reason without my explicit informed properly scoped consent for each given interaction.
I think the legislation is great and I would support a massive expansion of it and the US equivalent in CCPA.
For as long as data has any value, we must regulate it lest predatory orgs will abuse it and take the working class for all they’re worth straight to a surveillance state or a corporotocratic dystopia.
no public or private body of any kind has any right to any of my information for any reason without my explicit informed properly scoped consent for each given interaction.
predatory orgs
No public or private entity should access my information without my explicit, informed, and properly scoped consent for each interaction. Except that they do and that this legislation does not address this issue.
An effective solution will be technical, ensuring that only minimal information is transferred.
This legislation doesn’t work because most of the world can just ignore EU law. And the government institutes, from local to federal to EU, the largest invaders of my privacy, exclude themselves from the regulation.
This fosters a false sense of security, leading to a decline in digital skepticism and privacy hygiene. It even mandates shitty technical implementations, in such a way that improvements are illegal.
This naive, shitty legislation is a net negative for digital privacy.
Technical solutions are only there if there is binding Incentive, and compliance with EU law is absolutely a binding Incentive for “rest of the world”, if they operate inside the EU, which most megacorps do.
The two aren’t in opposition, one is a pre-reqiuisite for the other. Yes having FOSS privacy tooling is good but normies won’t use it, nor is it a bad thing that besides that they actually have some rights in the matter.
You sound like you’ve never actually worked for a tech company lol, compliance is everything.
nor is it a bad thing that besides that they actually have some rights in the matter.
To repeat the earlier argument: It is a bad thing, because it gives a false sense of privacy, reduces privacy hygiene, and anchors worse technology hindering improvememt.
Technical solutions are only there if there is binding Incentive
I’m not talking about the remote side. The technical solution has to be on the client side. Remote side should always be assumed to be a malicious actor.
and compliance with EU law is absolutely a binding Incentive for “rest of the world”, if they operate inside the EU, which most megacorps do.
Sounds like you don’t know that non-megacorps can also have a web server reachable from inside the EU? With ipv6 every device is individually addressable, and a potential web server.
Additionally it’s also not really binding for megacorps as we can see now. As the EU is completely reliant on the US, for energy, technology, defense, … the US administration can just pressure EU council to change whatever law it wants. In case of a client side technical solution, that’s not an issue.
You sound like you’ve never actually worked for a tech company lol, compliance is everything.
I have. That’s just yet another one of your faulty reasonings.
In summary, and to repeat: these laws are extremely short-sighted, fail in achieving their stated goals, bring forth an unnecessary cost of compliance for well willing actors, and actually make digital privacy worse by the false sense of protection it brings and because it mandates worse technology.
Neither of us is a winner here. This whole legislation sucks for everyone involved.
We have to authenticate with a government ID in order to use those applications. So they have all the information to count unique users even without google tracking.
It’s more about how the people use the site, and which page and when and how, which devices, and how often etc. You would also want to track anyone before they sign in, and it’s also a way to identify issues/bugs and accessibility and identify outages/incidents and security issues without those being directly reported.
By “you win” I meant to say I’ve no idea why your local government would issue popups, which I guess means this isn’t just limited to American megacorps though, hence I retract that specific argument because of your counter example.
No, it doesn’t, I’m still massively in support of it, what?
I absolutely stand by GDPR, even if you found one example of public entities that for some reason also use cookie popups instead of properly complying, even if they all did that, I would not for a moment wish it any other way, no public or private body of any kind has any right to any of my information for any reason without my explicit informed properly scoped consent for each given interaction.
I think the legislation is great and I would support a massive expansion of it and the US equivalent in CCPA.
For as long as data has any value, we must regulate it lest predatory orgs will abuse it and take the working class for all they’re worth straight to a surveillance state or a corporotocratic dystopia.
No public or private entity should access my information without my explicit, informed, and properly scoped consent for each interaction. Except that they do and that this legislation does not address this issue.
An effective solution will be technical, ensuring that only minimal information is transferred.
This legislation doesn’t work because most of the world can just ignore EU law. And the government institutes, from local to federal to EU, the largest invaders of my privacy, exclude themselves from the regulation.
This fosters a false sense of security, leading to a decline in digital skepticism and privacy hygiene. It even mandates shitty technical implementations, in such a way that improvements are illegal.
This naive, shitty legislation is a net negative for digital privacy.
Technical solutions are only there if there is binding Incentive, and compliance with EU law is absolutely a binding Incentive for “rest of the world”, if they operate inside the EU, which most megacorps do.
The two aren’t in opposition, one is a pre-reqiuisite for the other. Yes having FOSS privacy tooling is good but normies won’t use it, nor is it a bad thing that besides that they actually have some rights in the matter.
You sound like you’ve never actually worked for a tech company lol, compliance is everything.
To repeat the earlier argument: It is a bad thing, because it gives a false sense of privacy, reduces privacy hygiene, and anchors worse technology hindering improvememt.
I’m not talking about the remote side. The technical solution has to be on the client side. Remote side should always be assumed to be a malicious actor.
Sounds like you don’t know that non-megacorps can also have a web server reachable from inside the EU? With ipv6 every device is individually addressable, and a potential web server.
Additionally it’s also not really binding for megacorps as we can see now. As the EU is completely reliant on the US, for energy, technology, defense, … the US administration can just pressure EU council to change whatever law it wants. In case of a client side technical solution, that’s not an issue.
I have. That’s just yet another one of your faulty reasonings.
In summary, and to repeat: these laws are extremely short-sighted, fail in achieving their stated goals, bring forth an unnecessary cost of compliance for well willing actors, and actually make digital privacy worse by the false sense of protection it brings and because it mandates worse technology.