undefined | Better HN

0 pointssmarx0072y ago0 comments

Yup, there are lots of violations: https://noyb.eu/en

And I do think Microsoft has good lawyers and believe they reviewed any activity prior to receiving consent quite carefully.

0 comments

alkonaut2y ago

Are there any concluded legal processes that are concerning

1) the form of consent banners

2) consent vs legitimate interest for ip transmission as part of http request headers

3) whether ads are a legitimate interest for web sites?

Those seem to me to be the 3 “big questions” of the GDPR. The regulation and most legal processes however seem to focus more on large scale data storage cases, failure to answer user requests etc. And those are important from a privacy standpoint but from a technical standpoint to software developers the 3 above seem much more interesting, yet mostly ignored by courts? I get a feeling they don’t want to touch it because they are a can of worms

smarx007OP2y ago

1) YES https://noyb.eu/en/where-did-all-reject-buttons-come

2) Consent vs legitimate interest is not for data but for data processing purposes. A company, say Paypal, may have a legitimate interest to process (and, therefore, collect) your IP address in fraud detection systems. If you don't give consent, fraud prevention dept cannot share your IP address with the marketing dept (and would have to erase it once it's no longer used by the fraud detection system). Which is why you get pestered with more consent requests than needed. Consent also has to be freely given: https://edpb.europa.eu/news/national-news/2019/facial-recogn... + https://noyb.eu/en/pay-or-okay-tech-news-site-heisede-illega...

3) Ads are not personal data (data that came from you and/or data related to you, not necessarily PII). GDPR is only about careful handling of all personal data. It does not prevent a company from showing you ads. But GDPR does prevent tracking to show targeted ads: https://noyb.eu/en/norway-temporary-ban-behavioral-ads-faceb...

j / k navigate · click thread line to collapse