22

Googe Analytics illegal in EU.

Fucking love you Europeans.

And for that matter any analytics software that sends or stores data in US serves, because it's against GDPR.

https://techcrunch.com/2022/01/...

Comments
  • 5
    👌🏻
  • 5
    Not sure how you concluded it is illegal in the EU ?

    From that article, only Austria has made a complain about it.

    We now have to wait and see if any other country will follow or not.

    Hope the rules will be clear enough. And easy to implement...
  • 3
    @Grumm still a precedent
  • 0
  • 6
    @Grumm Because the European Court of Justice has already decided back in 2020 in the Schrems II ruling. The thing is that the US surveillance law is simply incompatible with EU privacy laws so that this cannot comply with the ruling of the ECJ.

    So, it's not just Austria, this has already been to the highest court. It's just that the tech industry more or less decided to ignore the law, hoping the problem would go away.
  • 3
    It's not illegal. GDPR is a pain but you just need a popup waiver for the user to click ok.
  • 6
    @Grumm not even Austria, just one person in Austria, who probably doesn't understand what data is being shared, or that it doesn't provide any information that can be used to attack her.

    Side note, I live in Austria and I've heard it *could* be illegal to use a dashcam because you're recording someone without their consent. So if someone drives in to you I could submit that video to the insurance company and win my case, but then get sued by the other driver for recording them illegally.

    It's a Karen minefield out here.
  • 6
    @ojt-rant The popup waiver doesn't work because you need to agree AND have the choice to decline. The GDPR forbids bundling exactly because they foresaw that some asshats would try what you suggested.
  • 1
    @Fast-Nop technically you don't have to , you can give an "ok continue" or "no, go back" which would take them away from your site. 99% of the traffic just clicks ok in that case.

    With most CMS sites (wordpress etc) cookie and/or sessions will be used regardless. Most people understand this.

    I do wish they introduced this via the browser engine instead of having to deal with it manually in code. Just a little button at the top of the browser that needs clicking would be nice.
  • 9
    @ojt-rant This is just wrong, a "no, go back" doesn't fall under free choice. You can't bundle that. That's an important point of the GDPR.

    Here a GDPR primer for basic understanding: https://i-scoop.eu/gdpr/...

    Basic essence of the GDPR: if you think you can asshat your way around the GDPR and continue with the same old privacy-invading shit, you're in for a fine.

    That's because people who don't understand the idea of privacy at least will understand the idea of having to pay a large fine.
  • 2
    @Fast-Nop @ojt-rant In theory one can do by a contract and not consent (see Article 6(1)b for the data processing and Article 49(1)b for the transfer to a third party country).
    A "free and informed consent" is not required for contracts. Individual contract law may have additional limitations, especially for online ones and surprising terms.

    Anyway, I have yet to see a "privacy waiver" based on the aforementioned articles.
  • 2
    @sbiewald The downsides:
    1) Just labelling a waiver as "contract" won't fly.
    2) Already activating GA before the "contract" has been concluded won't fly, either.
  • 4
    @sbiewald And btw., the contract idea only works if the data collection is actually necessary. Like, when shipping physical goods, the vendor must obviously ask for the customer's address and use that for the shipping process. No explicit consent required because that's necessary for the purchase that the customer wants.

    However, Google Analytics is in no way necessary, and there are no steps involving GA that the user would want. It's long overdue that even the last webtard gets the message hammered home.
  • 1
    @Fast-Nop If someone declares it is his will to be tracked by Google, and the other party declares to provide a websites, Google analytics are now required for the contract.
    As such terms must be clearly laid out (general consumer protection laws; and the transparence requirements etc. of the GPDR are still in effect), I somehow doubt this is a viable option for every random website - but a legal one.
    One is free to chose whom to make business with¹ and so can lock out users not agreeing to the terms.

    I do not "like" this possibility, but I got this confirmed by the former data protection officer of Mecklenburg-Western Pomerania.

    ¹ besides anti discrimination laws
  • 2
    @sbiewald The thing is that due to the no-bundling provision, the option not to be tracked must be there anyway. Just violating this and calling it a "contract" won't fly.

    The point of the GDPR is pretty much "no, you don't get away with just spitting out some legalese on your website."
  • 2
    It doesn’t change anything, chrome already has spyware build in so they will just charge companies to allow them to use data and you won’t install chrome without agreeing to share it with google. Gdpr for me is just another way to fuck up small businesses and promote corporations who can afford lawyers.
    What gdpr and cookie law changed in your everyday life besides wasting millions of hours clicking accept / deny popups ?
  • 1
    Is it illegal? Yeah, probably.
    Will any small company be sued for this? Most likely no.
  • 1
    @Frederick do they mean Europeans or countries within the EU?
  • 7
    Have you considered such cutting-edge technical solutions as not collecting user data that you don't need unless the user agreed to being tracked without any bundled choices? I'm vaguely familiar with the type of data people usually use from GA and that data is exactly why the GDPR was created. It's not that European bureaucracy prevents you from recording the age group, gender and occupation of your visitors, it's that Europeans don't want you to record it so their politicians made a law to prevent you from doing so.
  • 3
    I know the countries in the EU also tend to do shitty things and fight against their citizens. I'm not protecting them, but in this case what you're up against is the will of the people enforced in a law, not just some legal nonsense.
  • 2
    @Frederick The "fucked up shit" the EU is doing is a global thing. It is also coordinated from a central authority. That is why every news station in every country says the exact same fucked up shit all the time. A memo gets sent out, the memo gets tweaked to sounds original to that country, then the authoritarian mandates are handed down. This pattern has been in effect for a long time. The compliance to this pattern is dictated by USA/UN invading if you don't play ball. It is all connected.
  • 8
    @Frederick allow me to explain myself with an example:

    There is glass which is 50% water. Now is the glass half full or half empty?

    Depends on what was the original state of the glass. If I just poured in the water then glass is half full. If I just drank from it, then glass is half empty.

    Baseline perspective is the key.

    Looking at Europe, EU, or Europeans from a third nation, you guys are much better than a absolute rotten shit happening here.
  • 2
    @ojt-rant Simple solution to not ask the visitor: Don't track anyone nor use unnecessary cookies. The value of knowing your visitor is extremely overestimated.
  • 1
    @Fast-Nop The no bundling only applies to consent, not contracts.

    More or less *nobody* uses contracts for this (I only know about Facebook, and using a contract was one of the few things to be found legal).

    Anyway, a contract is very inflexible and makes it difficult to migrate from/to. E.g. if you are a newspaper and you want use analytics even for paying customers, you cannot just change the existing contracts. By contrast, a consent can just be added "on top" of any additional agreements, and then "no bundling" is a requirement.
  • 3
    @Frederick The EU does not have the right to regulate secret agencies. And not regulating secret agencies is not an excuse for not regulating companies...
    International law is complex. And by the way, a lot of secret agencies doing was found to be illegal by courts'... Maybe there is a reason for the separation of powers in states?

    And the the problem of the GPDR and the United States are not (directly) the secret agencies, but rather that you can't sue them as a foreigner.
    By contrast, if a US citizen is illigally being spied by a French secret agency, the US citizen can sue it - it does not work the other way around.
  • 1
    @happygimp0 what constitutes "necessary" cookies can be subjective though. Eg. not using certain cookies might paritally break the website, but for some people surprisingly that's ok (if they only use certain parts or view it using a simple reader etc.)
  • 1
    @ojt-rant I am curious too.

    Why not use localStorage for website settings ?
  • 3
    @Grumm The e-privacy directive (from 2002!) does not discriminate between cookies, local storage, IndexDB or whatever; it (and the member states' implementations) says that without consent it is only legal to store necessary data (independently if it is PII or not!) on a user's device.

    To be complete:
    The GPDR does allow some personal data processing without consent / contract / ... e.g. when having a legitimate interest (= a legal one, where the benefit outweighs the reduced privacy). Even when having a legitimate interest - because of the aforementioned e-privacy - it is not allowed to store data on a user's device without a consent, as having a legitimate interest does not mean is necessary.

    The EU wants to replace the e-privacy regulation but has not agreed on the terms yet.
Add Comment