Wilbur Ross, the US commerce secretary, has penned an opinion piece about GDPR in the Financial Times. [Paywalled, but a search on quoted text is fruitful. -Ed.]
In short, GDPR is unclear -- "guidance on GDPR implementation is too vague" -- will create barriers to trade -- "serious, unclear legal obligations for both private and public sector entities, including the US government" -- and could threaten public welfare on both sides of the Atlantic, delay the approval of new life-saving drugs and prevent the effective treatment of epidemics like Ebola.
"[...] We do not have a clear understanding of what is required to comply," the commerce secretary sighs.
And then Whois.
> GDPR also raises concern for law enforcement and intellectual property rights by restricting access to publicly available internet domain-name registration data. We anticipate companies will either stop providing "Whois" lookup services outright, or make it hard to access information. That could stop law enforcement from ascertaining who is behind websites that propagate terrorist information, sponsor malicious botnets or steal IP addresses.
Finally, secretary Ross dropped an interesting note, about the US Postal Service no less. Tantamount is that "the new rules will prevent EU postal operators from providing the personal data on individuals it needs to process inbound mail."
Assuming the commerce secretary isn't talking about name and address: what other personal information is required?
(Score: 4, Interesting) by quietus on Friday June 01 2018, @08:42AM (6 children)
Forbes.com now claims to conform to GDPR.
On its welcome screen, if you click the "Continue to site" button, you consent to Forbes' use of all kinds of tracking techniques. If you click on the "More information" button, however, you suddenly get to select which cookies you'll be willing to allow (required, functional, advertising).
If you only select the required cookies, there's a button "Advanced settings" where you again have to out-select the other types of cookies (functional, advertising). Submit your preferences and you get a screen stating We are processing your request to optin/opt-out of receiving targeted ads. Your web activity will no longer be used for targeted advertising by the companies. That takes quite a while (a few minutes). Then you're presented with a screen.
Clicking on the button underneath, however, transports you back to the second screen from the start, stating that some opt-outs failed due to timeout, and please try again.
You can repeat that endlessly, apparently; and each time about two-hundred-thirty (230) requests are sent out.
I imagine there's a big smirking grin on the face of some JavaScript programmer in Forbes.com's IT department.
(Score: 0) by Anonymous Coward on Friday June 01 2018, @10:20AM (3 children)
Malicious compliance is still compliance. I expect we'll see more of this, assuming the 40% EU advertising falloff figure I saw the other day was legit.
(Score: 3, Interesting) by Anonymous Coward on Friday June 01 2018, @10:47AM
Not in Europe. Our regulators get really pissed off at stuff like that, and they're likely to hit you with a bigger fine than if you just didn't do anything. AFAIK, most regulations have provisions that allow for dropping that particular (sledge)hammer.
If they don't get their shit together, Forbes may be in for some hilarious revelations. Well, hilarious for me. :D
(Score: 1, Informative) by Anonymous Coward on Friday June 01 2018, @10:16PM (1 child)
But an opt-out system is not compliant, malicious or not. Quoting recital 32 [gdpr-info.eu], which provides rationale for article 7 [gdpr-info.eu]:
> Silence, pre-ticked boxes or inactivity should not therefore constitute consent
(Score: 0) by Anonymous Coward on Saturday June 02 2018, @04:39PM
#MeToo
(Score: 3, Insightful) by Justin Case on Friday June 01 2018, @01:02PM
Anyone who believes there is such a thing as a "welcome screen" doesn't understand how the web works.
Which, I grant you, is just about everybody, including over half of "web developers".
(Score: 0) by Anonymous Coward on Friday June 01 2018, @04:16PM
Or, websites could just look for and respect the "DoNotTrack" setting that browsers can be configured to send these days. It would be much easier overall for both sides. But, no... we have to choose the hard, complicated, "bad" way. :(