back to article Max Schrems is back: Facebook, Google hit with GDPR complaint

Max Schrems, the thorn in Facebook’s side, has returned to launch the first challenges under the EU’s new data protection laws. The complaints, filed on the day Europe's General Data Protection Regulation (GDPR) comes into force, take aim at what he describes as Google and Facebook’s “forced consent”. Under the GDPR, when …

  1. BoldMan

    ...and so it begins... <popcorn>

    1. Danny 14

      yeah, I thought ICANN might have been the first.

      1. onefang

        "yeah, I thought ICANN might have been the first."

        Nah, it'll take ICANN another few years to be ready to fight GDPR stuff.

    2. anothercynic Silver badge

      Oh yes...

      *sets up popcorn stall* :-)

      1. Jay Lenovo
        Pirate

        Re: Oh yes...

        Great time to be a lawyer...

        Chum chum, chum chum, chum chum, dah dah dah-hhh

        1. bombastic bob Silver badge
          WTF?

          Re: Oh yes...

          chum chum ... ??? (oh theme from jaws! l[aw]yers = sharks! got it)

      2. CrazyOldCatMan Silver badge

        Re: Oh yes...

        *sets up popcorn stall* :-)

        *Narrows eyes* - you processing any personal data on that stall?

        1. cantankerous swineherd

          Re: Oh yes...

          only the finest popcorn being processed here kind sir.

    3. GrapeBunch

      Where are the clowns?

      There ought to be clowns.

      1. Custard Fridge

        Don’t bother, drink beer

    4. Anonymous Coward
      Anonymous Coward

      One interesting move would be for Google and Facebook to withdraw access for all users subject to GDPR.

      The public outcry would be so vehement the only way a government that continued supporting GDPR could survive for more than 24 hours would be if the protestors couldn't use Facebook and Google to press home their grievance......

      1. Yet Another Anonymous coward Silver badge

        US newspapers are doing this today - to try and force an exemption for "quality journalism"

        1. Anonymous Coward
          Anonymous Coward

          "US newspapers are doing this today - to try and force an exemption for "quality journalism""

          Ok. Let us know when they have some.

        2. Spanners Silver badge
          Pint

          @YAAC

          Quality journalism must be rarer on that side of the pond than it is here

      2. Anonymous Coward
        Anonymous Coward

        One interesting move would be for Google and Facebook to withdraw access for all users subject to GDPR. The public outcry would be so vehement the only way a government that continued supporting GDPR could survive for more than 24 hours would be if the protestors couldn't use Facebook and Google to press home their grievance......

        Could be, but how would the Americans then get their intelligence on Europe*? The UK is about to step out, and ECHELON is becoming less and less relevant with the advance of secure message apps that carry voice. I rather think that Google will cough up whatever fine gets lobbed at them, and then knocks on the door of the NSA for a nice chunk of the gazillions annually sunk into the US espionage engine - after all, they're one of the major data providers.

        But it's nice to be proven right :).

        * Well, OK, apart from Google Home and Amazon Alexa intercept - if you didn't see that one coming you must be new here :)

      3. John Brown (no body) Silver badge

        "One interesting move would be for Google and Facebook to withdraw access for all users subject to GDPR."

        You think they'd cut off a market bigger than the USA by 180+million people just because of a data privacy strop?

        1. Charles 9

          They will if the price of compliance is too great and the return isn't really worth it.

          1. John Brown (no body) Silver badge

            "They will if the price of compliance is too great and the return isn't really worth it."

            Any company with that small a return won't be missed since they already have to comply with local laws wherever they do business in the world. Or, for that matter, even inters-state within the US.

        2. Alan Brown Silver badge

          "You think they'd cut off a market bigger than the USA by 180+million people just because of a data privacy strop?"

          Not just larger by numbers, but an economy larger than the USA (USA is #3 or #4 depending on how you interpret the figures for India)

      4. SebastianRR

        To withdraw out of spite would be met with a shareholder revolt and calls for resignation of CEO and board. Giving up on the European market is a complete non-starter.

    5. Anonymous Coward
      Anonymous Coward

      So does GDPR effectively make Facebook's real names policy illegal?

      This should be good, and maybe how the EU can solve it's budget crises once the UK stops subsidising it!

      1. Anonymous Coward
        Anonymous Coward

        > This should be good, and maybe how the EU can solve it's budget crises once the UK stops subsidising it!

        Boris, you can drop the pretence now. You won.

        1. Anonymous Coward
          Anonymous Coward

          "Boris, you can drop the pretence now. "

          No pretence here. It's a fact that the UK subsidises the EU by about £160 million a week net.

          1. Anonymous Coward
            Anonymous Coward

            Not quite so fast....

            Yes we are a net contributor to the EU, but as with most businesses you have to look carefully at what you get back, because with EU membership we don't get charged for some things, e.g. border taxes and crossings, as well as intangibles such as consistent and standardised regulations, so if you are a manufacturer and distributor of, say chemicals, then you know that your business doesn't have to worry about a different regulatory regime for different countries.

            As we have been in the EU for so long, people have forgotten what non-frictionless trading is like, we forget about the paperwork and the lorries held up in customs because some plonker back at head office has not done the right form. HMRC hasn't forgotten and is talking about £20B per year of additional costs due to borders.

            Now I know that the swivel eyed loonies exiteers think that this is nonsence, but if it comes to trusting the head of HMRC over Gove (no time for experts), Johnson (somebody who would sell his children for high office) or Rees Mog (who is still living sometime in the last century) I know who I would trust. Even if the HMRC estimates are 50% too high, that's still £10BN there.

            So all this talk of £350M/week or £163M/week to the EU that we can claw back is simply pie in the sky.

            The arguments of the Brexiteers remind me of the Climate Change Deniers, they find a single fact to hold onto and worry it to death. There't not a single credible piece of analysis that says we will be better off outside of the EU. Note the word credible, a pile of right wing junk from the ERA is not credible.

            I have a feeling that this govt will fall before the end of the year and then all bets are off, mind youy Corbyn distrusts the EU more than Give does, but he might be a little more pragmatic and shouldn't be in the pocket of the NI Taliban, aka the DUP.

            1. Alan Brown Silver badge

              Re: Not quite so fast....

              "The arguments of the Brexiteers remind me of the Climate Change Deniers, they find a single fact to hold onto and worry it to death. "

              The climate change deniers are so loud and have so much politictal clout that they've forced pretty much all climate change estimates to be extremely conservative.

              The reality of climate change is looking to be far _far_ worse than science has been predicting since the naysayers started their campaigns and virtually exactly on track of the near-worst case scenarios put forward in the 1990s before the vested interests started funding the naysayers to shout the science down.

              Sea level rise is the least of the worries in things to come. Ocean food chain collapse and reduction in oxygen levels are likely to happen sooner.

            2. Cederic Silver badge

              Re: Not quite so fast....

              people have forgotten what non-frictionless trading is like, we forget about the paperwork

              That's weird. You mean the UK doesn't trade outside of the EU at the moment?

              I must be getting old, I could have sworn we have global trading relationships. Maybe the new EU one could work like the ones we have with China, or America, or Canada, or Australia, or Papua New Guinea.

              There't not a single credible piece of analysis that says we will be better off outside of the EU.

              What makes you think I care about whether we're better off? The economy wasn't the primary factor in my preference to leave the EU.

              1. tiggity Silver badge

                Re: Not quite so fast....

                @ Cederic "What makes you think I care about whether we're better off? The economy wasn't the primary factor in my preference to leave the EU."

                Makes a refreshing change from the usual person who voted brexit for racist reasons but claimed it was for economy reasons

              2. Alan Brown Silver badge

                Re: Not quite so fast....

                "You mean the UK doesn't trade outside of the EU at the moment?"

                1: Not markets that can be accessed via lorry

                2: Have you had to deal with customs delays due to paperwork when your goods are on the docks? The parking fee structures for containers ensure it gets very expensive very quickly, so there's strong incentive to get it right before the ship arrives.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Not quite so fast....

                  "1: Not markets that can be accessed via lorry"

                  Many lorries use shipping containers. So called because they can go via ships...

              3. strum

                Re: Not quite so fast....

                > I could have sworn we have global trading relationships

                Most of our non-EU relationships have been negotiated by the EU - over 700 treaties. These will all have to be renegotiated.

            3. Anonymous Coward
              Anonymous Coward

              Re: Not quite so fast....

              "Yes we are a net contributor to the EU"

              So as stated, it costs us £160 million a week net in cash terms. The Brexit bus rather misleadingly said that "we send Brussels £350M a week" which is true, but rather naughtily didn't mention that we get about £190M a week back in net benefits.

              As with most businesses you have to look carefully at what you get back, because with EU membership we don't get charged for some things, e.g. border taxes and crossings, as well as intangibles such as consistent and standardised regulations, so if you are a manufacturer and distributor of, say chemicals, then you know that your business doesn't have to worry about a different regulatory regime for different countries."

              We will be free to negotiate similar agreements with the rest of the planet. And we can retain / adopt regulations that make sense and ditch those that have a greater cost than benefit to us.

        2. TheSirFin

          won for now ...... defeat is never final, and victory is never eternal!

    6. Anonymous Coward
      Anonymous Coward

      Bellend

      The guy is a bellend, quite clearly these companies are not charities, if you don't like the cost of the product (in terms of privacy) don't buy it....

      Simple are that. You have to because total bellend to think you can take the nice bits but leave the bad bits.

      1. Paul Crawford Silver badge

        Re: Bellend

        You have to because total bellend to think you can take the nice bits but leave the bad bits.

        Why bring up Brexit here?

  2. Voland's right hand Silver badge

    he is missing the lowest hanging fruit

    F**book and G00G still have 13 years cut-n-paste from COPPA in their T&Cs.

    That is invalid in Europe. A minor cannot consent to their data being processed without written parental consent of at least one parent, usually both parents/guardians until they have reached the age of full legal responsibility - between 16 and 18 depending on which country.

    He should add that one too. Just for laughs if not for any other reasons. If he does not have a suitable offspring to file the complaint, I am sure the el-reg readership can give their kids some interesting ideas who to talk to on this one.

    1. Steve K

      Re: he is missing the lowest hanging fruit

      Shadow profiles too please!

      1. CrazyOldCatMan Silver badge

        Re: he is missing the lowest hanging fruit

        Shadow profiles too please!

        Even under the old system these were arguably illegal. Under GDPR, utterly and certainly illegal.

        1. The Nazz

          Re: he is missing the lowest hanging fruit

          re COCM

          What, even if Hank Marvin, John Farrar etc give their consent?

      2. israel_hands

        Re: he is missing the lowest hanging fruit

        I'm planning on hitting Whatsapp and Facebook myself for shadow profiles. I've never used their services but I know they've slurped my e-mail address and other details from my other half's phone (she uses Whatsapp unfortunately) and friend's Facebook accounts.

        So I'm going to ask them to delete my data. And then refuse to provide any identifying data (because what would be the point of providing them data I explicitly don't want them to have?). Then asking them to just delete all data they don't have explicit opt-in consent to hold, on the grounds that my data will be in there somewhere and that's the only way to ensure that they successfully delete it without being able to personally identify me.

        I'm strongly considering investing in metaphorical popcorn futures. Seems like a booming market.

        1. Ken Hagan Gold badge

          Re: he is missing the lowest hanging fruit

          "So I'm going to ask them to delete my data. And then refuse to provide any identifying data (because what would be the point of providing them data I explicitly don't want them to have?). "

          Dear israel_hands,

          We have deleted all our data on you. (This email was generated before we did that, sent on successful completion of the task, and was not been copied to our "Sent" folder.)

          Obviously there is no way for us or you to prove that this is the case, because all the evidence is gone, but we've done it. Happy?

          Love, Facebook.

          1. Hans 1

            Re: he is missing the lowest hanging fruit

            Exactly! If a user des not want his data stored, how do you ensure that??? You need to know which users don't want their data stored, else, you have to ask every time defeating the purpose... at some point, user Will give consent...

            1. Alan Brown Silver badge

              Re: he is missing the lowest hanging fruit

              "Exactly! If a user des not want his data stored, how do you ensure that???"

              Easy: Under GDPR you only store the data of those who have given explicit consent for their data to be stored.

              Consent is not fungible (meaning someone else cannot consent on your behalf), so all of those contract terms in the T&C where "you confirm you have permission to share someone else's details" have zero legal validity.

              The next step along the GDPR path will be for someone to challenge those clauses and attempt to get the T&C declared void.

        2. jdoe.700101

          Re: he is missing the lowest hanging fruit

          He may also wish to ask WhatsApp why they are not enforcing their terms and services. Because I suspect that the majority of their users are in violation of the following:

          Address Book. You provide us the phone numbers of WhatsApp users and your other contacts in your mobile phone address book on a regular basis. You confirm you are authorized to provide us such numbers to allow us to provide our Services.

    2. Bob Magoo

      Re: he is missing the lowest hanging fruit

      There is a digital age of consent provided for in the GDPR with has nothing to do with the age of full legal maturity as you put it. It is up to each country to set their own age of consent, between 13 & 16, but it's 16 by default.

      They are mapped out here - https://www.betterinternetforkids.eu/web/portal/practice/awareness/detail?articleId=3017751

      1. Voland's right hand Silver badge

        Re: he is missing the lowest hanging fruit

        There is a digital age of consent provided for in the GDPR

        Thanks for pointing it - I overlooked it when scanning through GDPR a while back.

        However, this makes things even more interesting. Prior to GDPR it was the legal major age which is 16-18 in most countries so there is a good case for historic enforcement.

        With GDPR setting it to 16 unless specifically lowered, the cut-n-paste from COPPA in USAsian company terms is still illegal everywhere except Estonia which is the only one to both go for 13 years and actually enact them.

        1. Anonymous Coward
          Anonymous Coward

          Re: he is missing the lowest hanging fruit

          The age is one of the parts which can be 'tweaked' by individual states - it can't be any lower than 13 - but it can be increased if they wish.

  3. Anonymous Coward
    Facepalm

    This will go nowhere in court...

    Because nobody is forcing you to use these services...

    If you don't agree to their terms and conditions then don't use them...

    If you DO wan't to use them then part of the deal is that you have to agree to their terms...

    This guy seems to want his cake and eat it too !

    1. Aristotles slow and dimwitted horse

      Re: This will go nowhere in court...

      Ummm... I think you've missed the entire point. Leave this to the grown ups please.

      1. CrazyOldCatMan Silver badge

        Re: This will go nowhere in court...

        Leave this to the grown ups please.

        It's coming to something when even a slow and dimwitted horse is brighter than GDPR antagonists..

        :-)

        1. Aqua Marina

          Re: This will go nowhere in court...

          I do believe this will be the purpose of the court case. Until a law has it's day in court, everything anyone says (including reg commentards) is opinion and speculation.

          1. Anonymous Coward
            Anonymous Coward

            'The only sort-a optional is Facebook.'

            Even if Facebook was optional don't forget the deeply unhealthy ties to WhatsApp. In Latam for example, its used universally in Govt, Commercial firms, plus schools and education / colleges.

            Anything you can think of, all the way up to exchanging patient records between Doctors / Clinics / Hospitals etc. With both WhatsApp founders now ousted, its Game-On - 'Slurp-Time'...

    2. Remy Redert

      Re: This will go nowhere in court...

      And under GDPR, making that consent to process PI for reasons other than providing the service itself mandatory to use the service is specifically on the shitlist. Facebook has consent to process data required for the service itself by your use of the service, but to process data for any other purpose they have to get informed consent and it has to be possible to use Facebook without giving consent.

      The same for Google, Whatsapp, etc.

    3. Voland's right hand Silver badge

      Re: This will go nowhere in court...

      Because nobody is forcing you to use these services...

      1. My kids have to use both Google and Office 365 in school. No account - no ability to do and submit homework or sit an exam (if a computer is required).

      2. 30-40% of SMEs around Europe have moved to either Google or Office 365 too.

      The only sort-a optional is Facebook. Google unfortunately is not.

      1. Nick Kew

        Re: This will go nowhere in court...

        My kids have to use both Google and Office 365 in school.

        Then they should use entirely a school-provided facility for access (VPN for homework), making the school responsible for all PII and for anonymising access. If the school requires access to a service, they should be responsible for providing it in a legal manner.

        30-40% of SMEs around Europe have moved to either Google or Office 365 too.

        Then those SMEs need to do the same. Or pay for a premium service. Hmm, I wonder if the provision of just such a premium service might be a business opportunity?

        1. Alan Brown Silver badge

          Re: This will go nowhere in court...

          "Then they should use entirely a school-provided facility for access"

          Many employers have made it a condition of employment.

          Are you brave enough to risk your job over this?

    4. Anonymous Coward
      Anonymous Coward

      Re: This will go nowhere in court...

      "Because nobody is forcing you to use these services"

      Now that there are a billion or so people using the Facebook platform, and more and more businesses are providing info/services inside the walled garden, 'choice' of whether or not to use the services is less free than it once was.

      1. Anonymous Coward
        Anonymous Coward

        Re: This will go nowhere in court...

        "Because nobody is forcing you to use these services"

        Applying for a new UK passport online in 2016 did force me to use Google's Captcha service and there was no way around that short of travelling to the UK and applying in person.

        There was a link to "Google's Terms and Conditions" but it only applied to those with a Google account. As such,I deemed that any box accepting their apparently non-existent T&Cs I might have ticked was illegal.

        Certainly so under the new rules.

        1. Chris Fox

          Google Captchas = slavery

          Those pervasive and invasive Google Captchas are even more annoying when you realise that you are providing Google with unpaid labour and intellectual property. Websites and CDNs that use them are essentially compelling users to supply Google with training data for their image classifiers, while also implicitly "consenting" to them using your personal data, both for corporate profit. There should be a law against such indentured servitude... for some reason Article 4 of the Universal Declaration of Human Rights springs to mind. There is more to all this than just the GDPR. How about some enforcement?

          1. Mage Silver badge

            Re: Google Captchas = slavery

            See self driving AI

      2. Mage Silver badge

        Re: This will go nowhere in court...

        Aurorawatch has terminated their email alerts. They want people to use Facebook or an app.

      3. Nick Kew

        Re: This will go nowhere in court...

        Now that there are a billion or so people using the Facebook platform, and more and more businesses are providing info/services inside the walled garden, 'choice' of whether or not to use the services is less free than it once was.

        Up to a point, Lord Copper.

        I've always resisted facebook. Not because of privacy concerns, but because I have ethical issues with their Enclosure of the Commons. I have come under pressure to join over the years, but it's never been harder to resist than some of the other social pressures, like knowing enough about celebrities (e.g. footballers, pop stars) to follow a mindnumbingly boring conversation on the latest telly nonsense.

        1. Alan Brown Silver badge

          Re: This will go nowhere in court...

          " but because I have ethical issues with their Enclosure of the Commons"

          One example of this which is starting to show up is where communities moved to Facebook from various sites because it was easier to use. The coordinators of those communities are starting to find that FB is demanding they pay a fee to access the audience (their community).

          TANSTAAFL

    5. Anonymous Coward
      Anonymous Coward

      Re: This will go nowhere in court...

      "Why should I make my premises wheel-chair friendly? Nobody is forcing them enter!"

      "Why should I hit the breaks? Nobody forced them to walk on the road!"

      1. Anonymous Coward
        Anonymous Coward

        Re: This will go nowhere in court...

        "Why should I hit the breaks? Nobody forced them to walk on the road!"

        Why should we have to suffer incorrect word usage on a Friday? No-one is forcing us to read El Reg.

        #brakes

        /Anon

    6. Jon 37

      Re: This will go nowhere in court...

      That's wrong. There have always been some things that can't legally be put in terms & conditions.

      E.g. under long-standing UK law, a shop can't usually say "I'm selling you this stuff, but you have to agree there are no refunds, and if you don't agree then you can't buy it". That's because all consumers have the legal right to a refund if the product is not "of merchantable quality" or not "fit for purpose" or not "as described". If a shop tried that, and the product was faulty, the shop could still be sued for a refund and the shop would lose in court. The consumer's "agreement" not to get a refund was illegal and will not help the shop in court - in fact the shop may get punished for that illegal practice.

      GDPR says that consumers can't be compelled to consent to unrelated uses of their data. So any consent purportedly gathered that way is invalid, and they can be sued for using the data without consent.

      1. Anonymous Coward
        Anonymous Coward

        Re: This will go nowhere in court...

        "in fact the shop may get punished for that illegal practice."

        Given that it's explicitly an offence under the The Consumer Protection from Unfair Trading Regulations 2008, they stand to be prosecuted simply for saying it (assuming the relevant enforcement authority actually has any money).

    7. This post has been deleted by its author

      1. Danny 14

        Re: This will go nowhere in court...

        aurorawatch wasnt a full gdpr-reason-for-shutting-down, it was a research project originally and run on a shoestring with 1 tech guy. the tech guy cant run it any longer hence the facebook platform.

      2. Charles 9

        Re: This will go nowhere in court...

        "Ah, you mean he wants to eat his cake and still have it... well, why didn't you say what you mean?"

        Because you can't simultaneously have the cake AND eat it because by eating it you don't have it anymore. Thus the important "too" in the end.

    8. bombastic bob Silver badge
      Devil

      Re: This will go nowhere in court...

      actually, offering services using illegal policies is, by definition, illegal as well.

      If Google and Faece-b[itch,ook] want to offer these services to people in the EU, then they must abide by EU laws and regulations. That's pretty much an international agreement, as far as I understand it.

      And what I'd like to see is a *BIT* more privacy protection everywhere else BESIDES the EU, too. A "global opt out" might be a good start.

      I suspect this 'MYOB' charity is a bit like "EFF meets the ACLU"

    9. Alan Brown Silver badge

      Re: This will go nowhere in court...

      "Because nobody is forcing you to use these services..."

      Even if I don't use these services, they've been busy hoovering up data on/about me.

      Which by definition is without consent, unnecessary for the operation of the service, etc and then to compound the damage, that data is then sold to advertisers.

      I've served DPA section 11 notices on a number of advertisiing companies, but it's clear that they're still gathering data on me for targetting purposes. When the sharks get amongst this school of goldfish it's going to be "interesting"

  4. Anonymous Coward
    Anonymous Coward

    Only £3.1M for Google?

    Shouldn't that be £3.1B Plus interest?

    1. Voland's right hand Silver badge

      Re: Only £3.1M for Google?

      My same thought - someone is off by a factor of 1000 here.

    2. Oliver Mayes

      Re: Only £3.1M for Google?

      They're probably only able to take action against one of the smaller shell companies. You know, the ones that funnel all income to the parent while claiming zero profit for tax purposes?

      1. Danny 14

        Re: Only £3.1M for Google?

        turnover not profit. There is a large turnover by facebook and google.

      2. Anonymous Coward
        Anonymous Coward

        Re: Only £3.1M for Google?

        "They're probably only able to take action against one of the smaller shell companies."

        I hear they have some large data centres full of tech that could be seized to pay any fine.

  5. msknight

    Whos'e on first...

    So he's in business?

    Yes.

    What's his business?

    None Of Your Business.

    I was only asking. Why won't you tell me?

    I did.

    No you didn't.

    Yes I did.

    Then what is it?

    What's what?

    His business.

    It's None Of Your Business....

    1. Joe Harrison

      Re: Whos'e on first...

      I say, you remind me of a man.

      What man?

      The man with the hoodoo

      Hoodoo?

      You do

      What?

      Remind me of a man

      What man?

      1. Kane
        Thumb Up

        Re: Whos'e on first...

        Jareth: You remind me of the babe

        Goblin: what babe?

        Jareth: The babe with the power

        Goblin: what power?

        Jareth: The power of voodoo

        Goblin: who do?

        Jareth: You do

        Goblin: do what?

        Jareth: Remind me of the babe

        1. Anonymous Bullard

          Re: Whos'e on first...

          This isn't an argument...

          1. m0rt

            Re: Whos'e on first...

            Oh no it isn't!

            1. onefang

              Re: Whos'e on first...

              What's an app?

              WhatsApp.

              That's what I asked you.

  6. Anonymous Coward
    Anonymous Coward

    that isn’t free choice

    while I'm generally agree that google and pals are evil and should be (...), I don't see why they shouldn't engage in exchange of FREE!!! services for user data. I mean, there is no law that the only way to trade is by means of currencies, no? If you want to whore away your data, etc., you should be able to do so. I mean, it's not pretty, but it's the same as consensual sex. Sex services.

    ...

    oh, I see. Yeah, well, I hope I'm not getting logged for ILLEGAL SOLICITING OF SEX... :/

    p.s. ARE CAPS ILLEGAL YET?!

    1. DavCrav

      Re: that isn’t free choice

      "I mean, there is no law that the only way to trade is by means of currencies, no?"

      Pretty much yes. You can pay with anything you want, but there has to be a monetary value placed on it for tax purposes.

      1. Tom 38
        Coat

        Re: that isn’t free choice

        Pretty much yes. You can pay with anything you want, but there has to be a monetary value placed on it for tax purposes.

        So you're saying I can't pay for it with sex then :(

        1. onefang

          Re: that isn’t free choice

          "So you're saying I can't pay for it with sex then :("

          You can't, I might be able to, my girlfriend could.

      2. Killfalcon Silver badge

        Re: that isn’t free choice

        That's the core problem here, really.

        Google makes money by processing your PII in ways that the GDPR says it needs consent for.

        If Google can't make money, the service will fail.

        Therefore, one of the two things must follow:

        1) Google's business model doesn't work under the EU regulatory environment [akin to "no, you can't write mortgages to people you know cannot afford it", or at the extreme "no, you can't break people's legs for not repaying their loans"]

        2) Google processing of your PII to provide adverts etc *is* essential, and thus doesn't need consent anyway.

        Google clearly don't actually agree with option 2, as they requested permission. So it falls back to option 1 - the law says that Google can't rely on people giving up all their data to access their services. They may need to find alternate revenue streams, or provide additional benefits to make the service itself more valuable, such that people willingly turn the trackers back on.

        I mean, in all seriousness, if Google managed to block malverts reliably, and ensured they only display adverts that run well on the hardware I'm using, I'd feel a damn sight more indebted to them than I do right now, hunkered behind a wall of script blocking tools because the industry they control is incapable of basic QC, let alone cleaning up it's own messes.

        1. Dan 55 Silver badge

          Re: that isn’t free choice

          Google's business model doesn't require slurping to fling adverts.

          1. John Brown (no body) Silver badge

            Re: that isn’t free choice

            "Google's business model doesn't require slurping to fling adverts."

            Exactly that. But targetted ads pay more, so it's hits them in the wallet. This means they either suck it up or find a better/different business model or go back to the lower incomes of random or contextual adverts.

        2. Voland's right hand Silver badge

          Re: that isn’t free choice

          Google processing of your PII to provide adverts etc *is* essential

          Clearly not. You can and should provide advertisements based on the context which is being viewed. It can and should provide adverts based on that. Same as it did before Doubleclick acquired it.

          1. Orv Silver badge

            Re: that isn’t free choice

            The business problem here is companies will pay extra to micro-target ads to, say, male 28-35 year olds with college degrees who make between $80,000 and $120,000/year and own a dog. They believe, often without evidence, that this will result in more effective ads than just scattershot context advertising.

            1. Jamie Jones Silver badge

              Re: that isn’t free choice

              The business problem here is companies will pay extra to micro-target ads to, say, male 28-35 year olds with college degrees who make between $80,000 and $120,000/year and own a dog. They believe, often without evidence, that this will result in more effective ads than just scattershot context advertising.

              From: https://gdpr-info.eu/recitals/no-26/:

              Recital 26 Not applicable to anonymous data*

              1The principles of data protection should apply to any information concerning an identified or identifiable natural person. 2Personal data which have undergone pseudonymisation, which could be attributed to a natural person by the use of additional information should be considered to be information on an identifiable natural person. 3To determine whether a natural person is identifiable, account should be taken of all the means reasonably likely to be used, such as singling out, either by the controller or by another person to identify the natural person directly or indirectly.......

              .......6This Regulation does not therefore concern the processing of such anonymous information, including for statistical or research purposes.

              * This title is an unofficial description.

              (More...)

              But anyway, even if this wasn't the case, I'd say TOUGH!.

              I'm sure the TV advertisers would like more information on their audience.. It doesn't mean if it was practical to do so, they could send people to spy through our curtains.

          2. Alan Brown Silver badge

            Re: that isn’t free choice

            "It can and should provide adverts based on that. Same as it did before Doubleclick acquired it."

            What you're forgetting is that Doubleclick was the poison pill that acquired Google.

            If you don't understand what that means:

            Doubleclick was on the verge of bankruptcy and one of the most hated companies on the Internet when Google acquired them. In the time since that happened, Doubleclick's CEOs have become Google's CEOs and Google's policies have become closely allied to Doubleclick's reviled policies.

        3. Mage Silver badge

          Re: processing of your PII to provide adverts etc *is* essential

          I doubt it. Do personalised adverts really work better? Trying to sell you stuff you just bought?

          They make money from Advertising. Make them do it the same as TV, Radio, newspapers, magazines, buses and billboards.

          I think it's just a marketing scam perpetrated on the companies they sell advert space to.

          Also Adverts should have NO scripts, only a static image and a regular link.

          1. Alan Brown Silver badge

            Re: processing of your PII to provide adverts etc *is* essential

            "Do personalised adverts really work better? Trying to sell you stuff you just bought?"

            The kind of mentality that tries to sell you another car or washing machine misses the point that you'll need washing powder and tyres.

            Companies selling this stuff know that. The problem is that they have to go via marketing/advertising outfits who universally seem to be full of pushy twats with low IQs and poor reasoning skills, aided and abetted by marketing departments in the abovementioned companies full of the same kinds of people.

  7. demonwarcat

    Having both Facebook and Twitter accounts my layman's impression is that Facebooks new privacy controls do not meet the requirements of GDPR and Twitter's does. Though I would have preferred that Twitter giving me a 3rd party processing yes / no option I would have like the option to choose who could and couldn't. Since the option was all or nothing I naturally chose nothing. I wait to see Facebook's next attempt to get valid consent

  8. }{amis}{
    Happy

    A Living Legend

    If anyone near this master of chaos is reading this please shake his hand! and buy him a beer on me!

    1. a_yank_lurker

      Re: A Living Legend

      Give'm hell, Schrems

    2. Mephistro
      Pint

      Re: A Living Legend

      GO, MAX! GO!

      If we ever met in the real word, I owe this guy a few pints!

    3. Mr Han

      Re: A Living Legend

      I tried to send him a 6-pack of San Miguel but WHOIS came up blank, Facebook too. I can't seem to find his email address either.

      The man must be paranoid or something. It's as if he can't deal with a little SPAM, targetted advertising, hidden trackers, inavasions of privacy, identity theft, mass data collection and sharing, impossible to find opt-outs, almost non-existent opt-ins, and a general 'couldn't don't give a toss about your privacy' attitude.

      I will have to drink it myself by way of celebration.

      1. Jamie Jones Silver badge
        Happy

        Re: A Living Legend

        Yes, I'd be highly suspicious of him.. After all, if you've nothing to hide etc....

  9. nuked

    I like this guy

  10. Will Godfrey Silver badge
    Happy

    What a lovely day

    First BOFH and now this. What more could I ask for?

    Hmmm.

    How about monster May having an accident with an orange ladder, and the private hospital she's taken to having a data breach, revealing it was in breach of GDPR

    1. Pascal Monett Silver badge

      For sure, as long as you're dreaming, might as well go the whole hog.

    2. Phil 54

      Re: What a lovely day

      And that breach reveals that she's part of Windrush? Or actually from an EU27 country?

  11. LeahroyNake

    I have a Facebook account :o

    For managing company pages only.

    Nothing personal on there at all as far as I am aware.

    The only option given by Facebook today is to agree or delete the account.

    I don't think that is quite right somehow.

    1. Adam 52 Silver badge

      Re: I have a Facebook account :o

      "Nothing personal"

      Don't Facebook's terms say that you have to use a personal account to manage a corporate one? And Facebook will be tracking all your activity because they can't tell the difference between personal and work.

  12. Twanky
    Happy

    I sincerely hope...

    that Facebook attempts bully-boy tactics by threatening to withdraw their 'service' from EU countries.

    It probably won't happen but I can dream.

    I wonder if the eventual outcome will be a paid-for (with money) service?

    1. nematoad
      Thumb Up

      Re: I sincerely hope...

      "I wonder if the eventual outcome will be a paid-for (with money) service?"

      That would indeed be interesting. Then, perhaps, we will see just how much people value the services provided by Facebook for "free" as opposed to the punter having to pay real money to use FB's stuff. Another benefit would be that the user would become a customer and not the product.

      Interesting times!

      1. Alan Brown Silver badge

        Re: I sincerely hope...

        " we will see just how much people value the services provided by Facebook for "free""

        I block FB's tracking cookies and their tracking shit on other sites. Just about everything I post on their site is simply reposts intended to gum up their tracking and I use FB purity to block all adverts when on FB,

        If everyone did the same thing, they'd have a hard job selling anything.

        There are two ways of responding to the slurpers - one is to try and hide from them, but if it's impossible to do so, then choke the bastards with an never ending stream of irrelevant content.

  13. Donchik
    Big Brother

    How can just a new privacy policy be compliant

    I'm fascinated by the steady stream of GDPR emails rolling through my inbox.

    A lot appear to have done the right thing, and are asking for us, the data providers, to provide a clear permission through links to preference pages on their sites. Not problem as I'm happy to tell them what I'd like them to do with their service and my data etc.

    Many just like Facebook, Google, and many smaller fry have simply sent an email advising that GDPR has caused them to revise their privacy policy, and provide a link to this. Several have even said continued use of our service constitutes acceptance of these new privacy rules! I think we all know this is not legal in the eyes of GDPR.

    I understand some confusion, but this is being deliberately obtuse and I hope the ICO's in all these countries crack down across the board. Consent must mean consent (I know I hate the Brexit analogy)

    1. Yet Another Anonymous coward Silver badge

      Re: How can just a new privacy policy be compliant

      Anyone else feel this plays straight into Facebook / google's hands ?

      Like big car companies demanding every stricter safety regs that only their newest cars meet.

      Like everyone else I have got a bunch of emails from everyone I have dealt with asking for permission to keep contacting me. Like everyone else I ignored them.

      But vital social media services I use everyday (ie el'reg) I am going to agree to their terms - so soon only those must-use-everyday services are going to have permission to contact me and so will control 100% of online advertising.

      1. Alan Brown Silver badge

        Re: How can just a new privacy policy be compliant

        "Like everyone else I have got a bunch of emails from everyone I have dealt with asking for permission to keep contacting me. "

        If you signed into a mailing list, then you already gave permission and they can carry on.

        The ones asking for permission to keep contacting are admitting they weren't holding your permission and have been breaching the ASA's rules for the last decade. This time the law has teeth and they're worried.

    2. diadomraz

      Re: How can just a new privacy policy be compliant

      The thing is most services do not need your consent if they are using your data for legitimate purposes. For example an online store needs your address and is allowed to share it with a delivery company in order to ship you the goods you have ordered.

      If they do not plan to share it with anybody else and you are able to request that your data is removed after the order is complete, they are GDPR compilant

      1. Charles 9

        Re: How can just a new privacy policy be compliant

        But they're not supposed to REMEMBER it, lest the information leak out. Seems every customer in every store going forward will be a stranger: no history or nothing unless they're not customers but clients, implying a different level of relationship.

        1. John H Woods Silver badge

          Re: How can just a new privacy policy be compliant

          "but they're not supposed to remember it"

          Not without your consent, what's your point?

          1. Charles 9

            Re: How can just a new privacy policy be compliant

            "Not without your consent, what's your point?"

            Then you're no longer a customer but a client, which implies a more-personal relationship with you...and a more-stringent legal liability on the part of the vendor.

            1. Spanners Silver badge
              Happy

              Re: How can just a new privacy policy be compliant

              Then you're no longer a customer but a client

              Beats being a product...

        2. Alan Brown Silver badge

          Re: How can just a new privacy policy be compliant

          "But they're not supposed to REMEMBER it, lest the information leak out. "

          Yup.

          So the store needs to ask permission to remember you for future transactions, BUT it also needs to ask separate permission if they want to send you marketing mail AND a separate set of permission if they want to pass your data to an outsourced marketer.

          What they're actually doing is rolling it into a 3-in-1 permission and refusing to deal with you if you don't give them permission to retain your data past the transaction. I can't see this lasting long once regulators catch on.

      2. TheVogon

        Re: How can just a new privacy policy be compliant

        "If they do not plan to share it with anybody else and you are able to request that your data is removed after the order is complete, they are GDPR compliant"

        There is a lot more to GDPR than if they are entitled to the data itself. To be compliant there are many other requirements they must meet.

    3. Alan Brown Silver badge

      Re: How can just a new privacy policy be compliant

      "I'm fascinated by the steady stream of GDPR emails rolling through my inbox."

      I'm fascinated by the fact that just about every entity out there waited until deadline day to attempt to update permissions instead of asking in good time. It's not as if they haven't had 2 years' notice.

      Perhaps they were all hoping that it was a bad dream?

  14. GrapeBunch

    Somebody will give it to us.

    That's how it worked from the beginning, isn't it? The initial pale settlers would have starved if the people who were already living there hadn't taken pity on them. That's Thanksgiving. No agri-fortunes would have been made if it weren't for slavery. When that suddenly ended, Jim Crow laws somewhat turned back the clock. When the Injuns and buffalo weren't useful anymore, they were killed and shunted aside. Slavery is still gone, but the whole [illegal] immigrant migrant farmworker thing is a convenient framework for similar results. Even the current crackdown and export of farm workers with crops rotting in the fields, that's a coup by the preëminent agri-businesses to even more completely dominate the market. Once the producers have gone bust or sold for pennies on the dollar, the bigger businesses will move to complete the picture. Unharvested crops, meh, somebody will get to them.

    Sometimes others were willing to die, and pay for the privilege. They waited. Someone else would do it.

    Intellectual property has a shelf life, but us has cornered the cupboard and altered the labels. Free money.

    So, yeah, this is a chapter in an old story.

  15. Phil Endecott

    Micropayments

    Please can someone implement a proper micropayments system for the web so that we can pay for things using money, rather than by exposing our privates?

    Seriously, Prestel could do this 40 years ago and WWW still hasn’t caught up. I thought cryptocurrencies might help but apparently they solve a slightly different problem. Conventional-style online payments (credit cards, Paypal) are fine for larger payments but don’t scale down to £0.001 for a web search.

    1. Tom Chiverton 1

      Re: Micropayments

      Micropayments exclude the poor from (essential) services like news and search.

  16. Anonymous Coward
    Anonymous Coward

    Oath Hell too please

    Past 3 days, everytimeI open the browser (Firefox) it nags me to give my consent (or otherwise) before I can go to my homepage (Yahoo).

    I deselct all advertising from Oath and its partners and save/OK till I land on my page.

    After closing and reopening the browser, back to the same routine . Meana it does not not save my preferences at all and insists I accept cookies form their advertsisers, in which I am least interested.

    WTF ? Is this what GDPR is supposed to do ? Thought it would protect us, instead its started to nag, accept or else !

    1. Orv Silver badge

      Re: Oath Hell too please

      I'm not sure how they would store your preference if they can't store cookies or include any sort of personal identifier.

      1. This post has been deleted by its author

      2. Anonymous Coward
        Anonymous Coward

        Re: Oath Hell too please

        But I have allowed firefox to accept cookies, ALWAYS !

      3. Chris Fox

        Re: Oath Hell too please ... and worse

        "I'm not sure how they would store your preference if they can't store cookies or include any sort of personal identifier."

        If you don't have a cookie, e.g. because you block or delete cookies to prevent tracking, and for that reason they cannot link you to any record of consent, then the default assumption should be that you have not consented. To do what Oath, Facebook, Google et al do, and assume you have consented by default, and then require you to jump through hoops, and enable tracking in order to "withdraw" this "consent" that was never given is hardly in the spirit of what is meant by "freely given consent". And in some cases you are not even given an opportunity to withdraw consent for some non-essential-but-profitable uses of your data. Of course changing the defaults to make them comply with the law may have implications for some business models, but that is hardly news

        Other US-centric companies operating in the EU seem to have been very poorly advised, even when compliance should be trivial. Some have "opt-ins" for non-essential sharing with third-parties being written into new, supposedly "GDPR-compliant" contracts, which have to be "agreed" to in order to continue using a service, and terms concerning jurisdiction that seem intended to prevent prosecution under GDPR legislation, despite having a physical presence in the EU. This would have been dodgy even under the pre-GDPR regime.

        I'm having to deal with one hosting company that has required me to accept a new contract with terms that allow sharing of personal data with third-party marketing organisations, and "Modal Contract Clauses", in order to continue using an existing UK-based service. The only nod in the general direction of "freely given consent" in this case consists of the opportunity to write to their head office requesting that they do not share personal data with third-party marketing companies. And this for a company for whom GDPR compliance is actually in their interests if they want EU companies to continue using their EU-based hosting services without themselves falling foul of the regulations.

        1. Danny 14

          Re: Oath Hell too please ... and worse

          that isnt because of GDPR, its because of a shit website.

        2. Alan Brown Silver badge

          Re: Oath Hell too please ... and worse

          "I'm having to deal with one hosting company that has required me to accept a new contract with terms that allow sharing of personal data with third-party marketing organisations, and "Modal Contract Clauses", in order to continue using an existing UK-based service. "

          Send a heads-up to the ICO.

    2. Mephistro

      Re: Oath Hell too please (@ AC)

      "Past 3 days, everytimeI open the browser (Firefox) it nags me to give my consent (or otherwise) before I can go to my homepage (Yahoo)"

      I've suffered similar symptoms after Firefox upgrades. My workaround is to restart the computer. I guess the certificates store gets messed somehow in the update, perhaps with the help of Ghostery or a similar tool that, for some reason, I never remember to shut down before updating the browser. 8^)

    3. Jamie Jones Silver badge

      Re: Oath Hell too please

      WTF ? Is this what GDPR is supposed to do ? Thought it would protect us, instead its started to nag, accept or else !

      Um no. It's not GDPR doing that.

      "That damn law making it a crime to rob... I thought it would protect us, instead it's making people use guns"

      (OK, crap analogy, but it's only just gone 7.00am!)

  17. Anonymous Coward
    Anonymous Coward

    I have but ONE wish...

    that GDPR was adopted in the US as well.

    1. Anonymous Coward
      Anonymous Coward

      Re: I have but ONE wish...

      Get a VPN with an exit in Europe and use it to browse the web. As far as Google, Facebook or anyone else knows you are an EU user. You might need a clean install of your OS, to create email accounts from scratch, use an EU based VOIP phone number, etc. to avoid leaking information that would let them know you are an American.

      And whatever you do, don't use Android! Apple would know you aren't an EU citizen if you use an iPhone, but since borders of their walled garden are quite clearly defined and far smaller than Google's tentacles reaching across the entire internet, that's an obvious choice - just don't let any of the services you are fooling into thinking you are EU-based have your US based mobile number!

      Of course since you wouldn't be a citizen of the EU you wouldn't have any recourse if companies don't obey the GDPR, but if they don't know you aren't an EU citizen they'll be forced to treat you as such.

      Wouldn't help with services like Amazon where they need to know your real address so you can receive shipments, but for everything that is exclusively electronic you can maintain your secret identity as a resident of some English speaking locale in the EU. You would want to shop off a separate PC or a VM that doesn't exit via your Euro VPN.

    2. TheVogon

      Re: I have but ONE wish...

      "that GDPR was adopted in the US as well."

      It will have to be for any company that still wants to trade or interact with the EU. Let's not forget that the EU is a larger market than the US both in terms of GDP and in terms of population.

      1. Anonymous Coward
        Anonymous Coward

        Re: I have but ONE wish...

        But if the price to enter that market's too high, they may throw up their hands and just settle for what they've got as "good enough". It's not like accessing the European market is essential to staying in business, is it? Skimming off a lot and squeezing a few dry can be a wash, depending on the circumstances, which is why boutiques can still exist alongside big boxes.

        1. John Brown (no body) Silver badge

          Re: I have but ONE wish...

          "It's not like accessing the European market is essential to staying in business, is it?"

          Depends on if they are a publicly listed company. As far as the stock market is concerned, it's grow or die. Just making a profit is not enough. It has to be more profits than last year and at least as much more as the analysts predict or the stock price tumbles.

          Having said that, most companies don't have much, if any, dealings outside their own borders (I include trade borders such as the the EU where the effective border is the EU and EEA rather than simply the national borders)

          1. Danny 14

            Re: I have but ONE wish...

            let the US companies (that farm, scrape and ignore your rights to your data) shut down in the EU. An EU one will take its place and export to the US. That way the US can then decide if it wants to use a product that suggests to abusing your data or one that doesnt.

            1. Charles 9

              Re: I have but ONE wish...

              "let the US companies (that farm, scrape and ignore your rights to your data) shut down in the EU. An EU one will take its place and export to the US. That way the US can then decide if it wants to use a product that suggests to abusing your data or one that doesnt."

              That probably wouldn't affect a company like Facebook that has the Americas AND Asia in its pocket already (and if you don't believe me, look for Facebook in Asian dumbphones). Their inclusion is their very selling point, and the Americas and Asia combine outpopulate Europe, so they may be willing to wait and see if Facebook-starved Europeans who can't use it to maintain their Facebook-only contacts outside Europe come crawling back or risk walking on the Sun.

              Until one of those European companies can convince Asian phone manufacturers to put an app in their dumbphones, I think it's going to be Interesting Times.

    3. Jamie Jones Silver badge

      Re: I have but ONE wish...

      Well, if you own a domain name, it appears they've now removed your personal details from public viewing.. for everyone.

      Also, I'm sure others will follow MS's lead... until the lobbyists wake up!

    4. Spanners Silver badge
      Pint

      Re: I have but ONE wish...

      Too many lobbyists to allow that. The fact that the EU has fewer has been identified as a reason why some companies wanted the UK out.

      I agree with your wish. Not only would that make people there better off but it would infuriate just the right people!

  18. 404

    Worth it to escape to Europe...

    Just to clear the air... No way in hell will GDPR-like protections being enabled here in the Land of the... well, you've heard of it...

    o_o

    1. Danny 14

      Re: Worth it to escape to Europe...

      apart from Microsoft?

      http://tech.newstatesman.com/business/microsoft-gdpr-privacy-rules-worldwide

  19. Anonymous Coward
    Anonymous Coward

    Fantipantidozy

    This is the best entertainment. How dare the EU destroy the money to be made from total and utter bullshit.

  20. Jamie Jones Silver badge

    My address has gone off whois!

    I just notice my name and address has gone off my domains whois entries for .com, and the address for the .orgs now just say "South Wales'.

    These results are replicated on domains that were registered with a different company.

    Same effect on US owned domains, and with me calling from a US based address.

    I hope y'all sold your stock in "domain privacy" companies!

    1. Mage Silver badge
      Happy

      Re: My address has gone off whois!

      Wonderful.

      Now how to get all the scammers & spammers (mostly in USA) that scraped that and sending me "offers" of SEO, videos, content, adverts etc for all my domains?

      How to cancel the annual privacy fee on the few that are "anonymous"?

      IMO this was always abusive and illegal use of data. It should ALWAYS have needed a court order, like finding out who used an IP on a particular date/time.

      1. Jamie Jones Silver badge

        Re: My address has gone off whois!

        Yep, and obviously not a "critical part of the infrastructure"

        Of course, originally when only companies and organisations had domain names, it was useful.

        My guess is that when it started to get personal, any discussions on making in private were met with "charitable donations".

        Either that, or they realised they could make money selling it off directly ("We aren't doing anything wrong, it's all public information")

        It was never a technical or legal use, and they were right arseholes to ever try to spin it that way.

        1. John Brown (no body) Silver badge

          Re: My address has gone off whois!

          "Either that, or they realised they could make money selling it off directly ("We aren't doing anything wrong, it's all public information")"

          I suspect that is the reason. It's only relatively recently that the Ts&Cs that appear when doing a whois specify that bulk scrapping of the whois data is not allowed. At one time, all you got sent was the whois data, no "legalese" appended.

      2. Steve K

        Re: My address has gone off whois!

        GoDaddy at least are switching my domains to hidden WHOIS for nothing and are refunding the balance of my domain privacy fees.

  21. Hans 1

    microsoft?

    Has Max Schrems upgraded to windows 10 1803, yet, Because, well, you can choose between slurp or slurp, "no slurp" is NOT an option... this gonna get bloody!

    1. Danny 14

      Re: microsoft?

      however (playing devils advocate, i dont actually agree with it) the last option can be argued as essential to service as it is for product fault reports and improvement of service. The fact that GDPR has a proviso of keeping your PCs up to date would view this as possibly mandatory!

  22. Andalou

    Don't say mail, say

    Yahoo! mail presented me with a rather strange and probably non-compliant burden a few days ago. I was expected to spend double figures of minutes marking individual check boxes that were presented only nine at a time - and there were nearly four hundred of them in a single scrolling dialog.

  23. Agent Tick

    Schrems is our modern age Sir Don Quixote of La Mancha fighting windmills (again) - good luck!

  24. Twilight

    Given that Facebook and Google both pay for their "free" services by doing things with your personal data, I seriously doubt they will ever comply with GDPR in a way that most people want. If they allow people to opt out of their slurping of data then the alternative will likely be a paid service (instead of "free") - personally, I'd be happy to pay a reasonable amount for Google to have GDPR-compliant data usage (however, I'm in the US so I probably won't have that option).

  25. Cuervo

    Re: Micropayments

    See here

    medium.com/coil/coil-building-a-new-business-model-for-the-web-d33124358b6

  26. Anonymous Coward
    Anonymous Coward

    Definately feels like forced consent.

    But then, so did Internet Explorer and Microsoft Office some time not to long ago.

  27. Anonymous Coward
    Anonymous Coward

    Credit Reference Agencies NO consent.

    I would like to see credit reference agencies like equifax, espirum, call credit etc challenged.

    The vast majority of us have no contract with these companies to hold our personal and financial data which is given to them by multiple companies who give them this data despite it not being necessary for them to pass on this data to provide us whatever service they provide, Banking, Insurance etc etc. and i haven't seen a box explicitly requesting individual consent for this sharing separate from a blanket accept our T&C in full.

    The Credit Reference agencies then SELL this data out to other companies without our permission as we don't even have a contract with them and have never given them informed consent to do so..

    1. Alan Brown Silver badge

      Re: Credit Reference Agencies NO consent.

      "The Credit Reference agencies then SELL this data out to other companies without our permission as we don't even have a contract with them and have never given them informed consent to do so.."

      You've always been able to prevent this with a DPA section 11 notice. The CRAs make more money selling your data to advertisers/marketers than actual credit lookups.

      Of course, this is now the default position under the law. It's going to be interesting what happens next.

  28. FlamingDeath Silver badge

    Another manifestation of the abhorrent-behaviour-inducing-monetery-system

    When are we going to evolve?

    It's almost the fucking year 2100

    If peoples fundamental needs were met, would they still act like cunts?

    This cache / cash system is stupid, can theoretically hold more wealth than the world can actually provide for. If this seems offtopic, it's because you're asleep

    1. Ken Hagan Gold badge

      "It's almost the fucking year 2100"

      Is that a different fucking epoch from "AD", because by my calculations we are closer to 1947 than 2100.

      New in 1947:

      communist Poland, Polaroid cameras, the Cold War, UFOs, Prince Philip, India and Pakistan, "actual" computer bugs, the AK-47, transistors, Israel, David Bowie.

  29. Cheesemouse

    GDPR?

    What is GDPR anyway? It sounds familiar. Is this something to do with the privatisation of railways? In which case this is the wrong forum.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like