For help, advice and discussion about stuff not related to aviation. Play nice: no religion, no politics and no axe grinding please.
By johnm
FLYER Club Member  FLYER Club Member
#1867523
rikur_ wrote:I see that cookie pop-ups could be a thing of the past.
https://www.bbc.co.uk/news/technology-58340333

address the trick where people are habitually clicking 'ok' to any pop-up that appears, and signing up to alerts they didn't want.


Now they'll get the whole lot by default, though it seems likely that this is yet more triumph of form over substance as data exchange with the EU will cease if it goes ahead as advertised...
kanga liked this
User avatar
By rikur_
FLYER Club Member  FLYER Club Member
#1867534
In the ideal world there would be a small number of standard categories of tracking:

1) cookies that are necessary to make the app/site work (e.g. building a shopping basket, remembering you are logged in, etc)
2) analytics to help the website owner understand customer behaviour and improve the app/site
3) personalisation on the app/site concerned, to tailor my future visits to this app/site
4) retargeting - to show me adverts from this site/app elsewhere on the internet
5) sharing my behaviour on this site with other third parties to tailor my wider online experience

In the ideal world I'd then have a browser setting for each: always / never / ask me ..... and websites would respect that browser setting.
By johnm
FLYER Club Member  FLYER Club Member
#1867536
"The technology that cannot be abused has yet to be invented"
rikur_, kanga liked this
User avatar
By rikur_
FLYER Club Member  FLYER Club Member
#1867552
Colonel Panic wrote:
johnm wrote:... as data exchange with the EU will cease if it goes ahead as advertised...

How might that manifest itself?

The current agreement for data sharing with EU is contingent on the UK's data protection standards being of broad equivalence with EU ones.
I think the actual issue might be that (IIRC) the EU rules apply to their citizens regardless of where your website is based - i.e. in future I may not need to show cookie pop-ups to UK citizens on a UK site, but if I'm a UK based site with European reach I may need to anyway.
Still, every batch of changes keeps lawyers and web agencies in business for another year ;-)
johnm liked this
User avatar
By kanga
#1867561
Colonel Panic wrote:
johnm wrote:... as data exchange with the EU will cease if it goes ahead as advertised...

How might that manifest itself?


Headline on small para on front page of today's DT: "EU warns it may stop sharing terror data"

https://ichef.bbci.co.uk/news/976/cpspr ... 01c-dt.png

More detail on changes hinted at by new ICO, EU/UK agreement background and possible implications of UK regulation changes:

https://www.bbc.co.uk/news/technology-58340333
User avatar
By Propwash
#1867584
Given that the product of GCHQ is greater than that of all other European intelligence agencies combined, and is mostly (though not entirely of course) shared with EU states, a disruption to such sharing might prove to be a serious own goal by the EU. The same holds true for DNA profiles in which the UK is also far ahead of most EU member states. For some reason much of the media and a surprising number of people think that we all live on a one-way street.

PW
Rjk983 liked this
By Rjk983
FLYER Club Member  FLYER Club Member
#1926041
Colonel Panic wrote:And another thing ...

Most websites let you opt out of all but essential cookies which whilst a chore does at least let you choose. But some (here is an example, I am not calling them out specifically https://www.cymbiosis.com ) will only let you effectively "accept" all; how does this fit in with GDPR (if at all)?


I’ve noticed it on a few sites, I assume it fits in with GDPR etc because nobody is forcing you to visit their website. They presumably took the commercial decision that if visitors don’t consent they can’t come to their site.

Can’t say I agree with their stance but I understand it.

I prefer this approach to the one of sites that make you trawl through an ever increasing list of vendors to individually opt out of legitimate interest.
Colonel Panic liked this
User avatar
By rikur_
FLYER Club Member  FLYER Club Member
#1926054
@Colonel Panic I refer you back to the ICO website again :-) https://ico.org.uk/for-organisations/gu ... chnologies
TLDR:
- no need to ask consent for cookies necessary for the website to work (e.g. load balancing, managing sessions/shopping baskets; etc)
- cookies for non-essential purposes need to be optional, simply saying 'don't use if you don't agree' is insufficient
- opt-in needs to be explicit and active
- but ICO takes a proportionate stance on enforcement - i.e. unless you are being particularly intrusive in what you do, you're unlikely to hear from them, particularly given the draft 'Data Reform Bill' removes the need for cookie consent in the website, and states that browser settings will be sufficient to comply with GDPR
rdfb liked this
By rdfb
#1926310
Rjk983 wrote:
I’ve noticed it on a few sites, I assume it fits in with GDPR etc because nobody is forcing you to visit their website. They presumably took the commercial decision that if visitors don’t consent they can’t come to their site.


This is illegal under GDPR. They cannot refuse service if you don't consent. If the personal data collection is strictly necessary to provide the specific service requested then they don't need explicit consent at all.

The problem is that the marketing industry is deliberately making the experience worse by breaking the law and then pretending it's the law's fault. Meanwhile enforcement action from the authorities had been really poor.

Google recently got a massive fine for, amongst other things, deliberately making it harder to decline consent. Since that ruling "Reject" buttons have started appearing on many sites.
Colonel Panic, Rjk983 liked this