Cookie popups are yet another example of malicious compliance by an industry that wants to use and abuse data about us all.
@OatPotato @borup To this day, many websites still don't ask for consent. Cookie banners are just cookie walls with only an OK/Accept button
At best there's a hidden Refuse grey link/submenu, which is illegal, as refusing should be as easy as accepting.
While still
- place tracking cookies at 1st load before the banner is even loaded 🤡
- continue to use tracking after users have refused
- such banners often ignore non-cookie based trackers (hidden pixel, AT Internet/Piano/Google tracking scripts…)
Some even have a shitton of individually actionable on/off switches¹ for like 10 or more processing purposes + several hundreds of switches for "partners", with no "Refuse all" button, and a big green "Accept all"…
The ones using IAB TCF form are the worst offenders…
1. Or they seem turned off but each and every PII processing purpose switch is doubled with a hidden and/or greyed out "legitimate interest" although many purposes have nothing to do with "Legitimate interest".
@devnull @borup for the "shitton of individual switches", some countries have made this illegal: the law says you MUST show a button to refuse everything in one click. But not all companies are doing it still.
And yes, the "legitimate interest" is the worst thing the EU could leave open, the line between legitimate and not really legitimate can be very flexible…
@OatPotato Exactly. Lack of "Refuse all" button is illegal.
By the way, as a European Directive meant to have standardised data protection laws all across the EU, GDPR is supposed to be interpreted the same by all EU countries. But not all DPAs are equal…
Some are more interested in being (mega) corpos friendly than actually protecting citizens' PII, because "Strict GDPR enforcement is anti-business and will kill the economy, China and USA don't have GDPR! what about competitiveness!?" 😩
@tortipede Yep, it's very common… Most notably IAB TCF form used by a shitton of websites… aka "Consent" (or actually Refusal¹) form designed by the marketing and advertisement industry 🤡
I filed a complaint about it in 2020 or 2021 against the IAB… CNIL took almost two years to answer me "We can't do anything about it for now, we're waiting for the EU court to determine whether TC_String is PII" which has nothing to do with my complaint (a shitton of dark patterns)
Then in 2024 or 2023³, the CNIL closed my complaint because "IAB France website was closed", as if the CNIL didn't know the IAB TCF was used by a shitton of 3rd party websites (which they knew AND I specified it in the complaint, with example) 🤡
Since I can't file a complaint against "almost everyone" AND the same dark patterns and abusive purposes are so similar across different websites, I assume it's either by default or encouraged by the IAB, […]
[…] so I filed a complaint against IAB France.
But apparently, their French website being offline is enough to close the case although the abuse is still going strong 🤡
There are also small font size aka "Needs an electronic microscope font size" light grey links (often with clear or light background making them very hard to notice) "Continue without accepting" which is NOT equivalent to Refuse.
That link just doesn't "Accept" what isn't in "Accepted" state by default […]
[…] but doesn't Refuse what is opt-out²… So another dark pattern designed to mislead users into not refusing crap that shouldn't even need active steps to be turned off…
It's all so tucked up on so many levels…
1. Since they collect Refusal, not consent. Opt-out instead of opt-in
2. In many cases it shouldn't be on "Accepted" status by default to begin with, most purposes that are "Accepted" by default, require consent (mostly marketing crap)
3. Don't remember the exact years but I remember the whole process took approximately 4 years for nothing
- off-topic answers for some of my points (dark patterns)
and some others were ignored (opt-out instead of opt-in, super abusive purposes that are greyed out/can't be turned off like "Linking/aggregating data collected online and offline to identify users"… which implies being spied on even when not using such websites, maybe by buying PII or some other means) 🤡