I'm into slutting it up. In Starcraft.
29 stories
·
0 followers

Cookie consent still a compliance trash fire in latest watchdog peek

1 Comment and 2 Shares

The latest confirmation of the online tracking industry’s continued flouting of EU privacy laws which — at least on paper — are supposed to protect citizens from consent-less digital surveillance comes by Ireland’s Data Protection Commission (DPC).

The watchdog did a sweep survey of around 40 popular websites last year — covering sectors including media and publishing; retail; restaurants and food ordering services; insurance; sport and leisure; and the public sector — and in a new report, published yesterday, it found almost all failing on a number of cookie and tracking compliance issues, with breaches ranging from minor to serious.

Twenty were graded ‘amber’ by the regulator, which signals a good response and approach to compliance but with at least one serious concern identified; twelve were graded ‘red’, based on very poor quality responses and a plethora of bad practices around cookie banners, setting multiple cookies without consent, badly designed cookies policies or privacy policies, and a lack of clarity about whether they understood the purposes of the ePrivacy legislation; while a further three got a borderline ‘amber to red’ grade.

Just two of the 38 controllers got a ‘green’ rating (substantially compliance with any concerns straightforward and easily remedied); and one more got a borderline ‘green to amber’ grade.

EU law means that if a data controller is relying on consent as the legal basis for tracking a user the consent must be specific, informed and freely given. Additional court rulings last year have further finessed guidance around online tracking — clarifying pre-checked consent boxes aren’t valid, for example.

Yet the DPC still found examples of cookie banners that offer no actual choice at all. Such as those which serve a dummy banner with a cookie notice that users can only meaningless click ‘Got it!’. (‘Gotcha data’ more like.. )

In fact the watchdog writes that it found ‘implied’ consent being relied upon by around two-thirds of the controllers, based on the wording of their cookie banners (e.g. notices such as: “by continuing to browse this site you consent to the use of cookies”) — despite this no longer meeting the required legal standard.

“Some appeared to be drawing on older, but no longer extant, guidance published by the DPC that indicated consent could be obtained ‘by implication’, where such informational notices were put in place,” it writes, noting that current guidance on its website “does not make any reference to implied consent, but it also focuses more on user controls for cookies rather than on controller obligations”.

Another finding was that all but one website set cookies immediately on landing — with “many” of these found to have no legal justification for not asking first, as the DPC determined they fall outside available consent exemptions in the relevant regulations.

It also identified widespread abuse of the concept of ‘strictly necessary’ where the use of trackers are concerned. “Many controllers categorised the cookies deployed on their websites as having a ‘necessary’ or ‘strictly necessary’ function, where the stated function of the cookie appeared to meet neither of the two consent exemption criteria set down in the ePrivacy Regulations/ePrivacy Directive,” it writes in the report. “These included cookies used to establish chatbot sessions that were set prior to any request by the user to initiate a chatbot function. In some cases, it was noted that the chatbot function on the websites concerned did not work at all.

“It was clear that some controllers may either misunderstand the ‘strictly necessary’ criteria, or that their definitions of what is strictly necessary are rather more expansive than the definitions provided in Regulation 5(5),” it adds.

Another problem the report highlights is a lack of tools for users to vary or withdraw their consent choices, despite some of the reviewed sites using so called ‘consent management platforms’ (CMPs) sold by third-party vendors.

This chimes with a recent independent study of CPMs — which earlier this year found illegal practices to be widespread, with “dark patterns and implied consent… ubiquitous”, as the researchers put it.

“Badly designed — or potentially even deliberately deceptive — cookie banners and consent-management tools were also a feature on some sites,” the DPC writes in its report, detailing some examples of Quantcast’s CPM which had been implemented in such a way as to make the interface “confusing and potentially deceptive” (such as unlabelled toggles and a ‘reject all’ button that had no effect).

Pre-checked boxes/sliders were also found to be common, with the DPC finding ten of the 38 controllers used them — despite ‘consent’ collected like that not actually being valid consent.

“In the case of most of the controllers, consent was also ‘bundled’ — in other words, it was not possible for users to control consent to the different purposes for which cookies were being used,” the DPC also writes. “This is not permitted, as has been clarified in the Planet49 judgment. Consent does not need to be given for each cookie, but rather for each purpose. Where a cookie has more than one purpose requiring consent, it must be obtained for all of those purposes separately.”

In another finding, the regulator came across instances of websites that had embedded tracking technologies, such as Facebook pixels, yet their operators did not list these in responses to the survey, listing only HTTP browser cookies instead. The DPC suggests this indicates some controllers aren’t even aware of trackers baked into their own sites.

“It was not clear, therefore, whether some controllers were aware of some of the tracking elements deployed on their websites — this was particularly the case where small controllers had outsourced their website management and development to a third-part,” it writes.

The worst sector of its targeted sweep — in terms of “poor practices and, in particular, poor understanding of the ePrivacy Regulations and their purpose” — was the restaurants and food-ordering sector, per the report. (Though the finding is clearly based on a small sampling across multiple sectors.)

Despite encountering near blanket failure to actually comply with the law, the DPC, which also happens to be the lead regulator for much of big tech in Europe, has responded by issuing, er, further guidance.

This includes specifics such as pre-checked consent boxes must be removed; cookie banners can’t be designed to ‘nudge’ users to accept and a reject option must have equal prominence; and no non-necessary cookies be set on landing. It also stipulates there must always be a way for users to withdraw consent — and doing so should be as easy as consenting.

All stuff that’s been clear and increasingly so at least since the GDPR came into application in May 2018. Nonetheless the regulator is giving the website operators in question a further six months’ grace to get their houses in order — after which it has raised the prospect of actually enforcing the EU’s ePrivacy Directive and the General Data Protection Regulation.

“Where controllers fail to voluntarily make changes to their user interfaces and/or their processing, the DPC has enforcement options available under both the ePrivacy Regulations and the GDPR and will, where necessary, examine the most appropriate enforcement options in order to bring controllers into compliance with the law,” it warns.

The report is just the latest shot across the bows of the online tracking industry in Europe.

The UK’s Information Commission’s Office (ICO) has been issuing sternly worded blog posts for months. Its own report last summer found illegal profiling of Internet users by the programmatic ad industry to be rampant — also giving the industry six months to reform.

However the ICO still hasn’t done anything about the adtech industry’s legal blackhole — leading to privacy experts to denouncing the lack of any “substantive action to end the largest data breach ever recorded in the UK”, as one put it at the start of this year.

Ireland’s DPC, meanwhile, has yet to put the decision trigger on multiple cross-border investigations into the data-mining business practices of tech giants including Facebook and Google, following scores of GDPR complaints — including several targeting their legal base to process people’s data.

A two-year review of the pan-EU regulation, set for May 2020, provides one hard deadline that might concentrate minds.

Read the whole story
cosmotic
92 days ago
reply
i'll tell you what's a trash fire with regard to cookies: The cookie banners I have to incessantly click on all day. I've never once click deny. There's no reason to. It's California prop 65 all over again except you can just ignore prop 65; cookie warnings jump in your face.
Chicago, Illinois
Share this story
Delete

After passenger told U.S. Customs agent that her suitcase once held a smashed banana, she was detained and added to a watch list

1 Comment

In Reader's Digest, Megan Kennett writes about the time a U.S. Customs and Border Patrol agent at JFK asked her if she was bringing any fresh fruit or vegetables into the country. Instead of truthfully answering "no" she said told the agent she had gotten rid of a smashed banana and that's why her suitcase might smell like a banana. As soon as she said that, "the agent stood up, took my passport, and then started to walk away, looking at me only once to say, 'Follow me.' That was it. No explanation, no going back."

She was taken to a holding room:

The banana police then brought me to what I like to call “agriculture jail,” which is a holding room for the USDA. Here, as with the agent, no one spoke to me or explained what was happening—or gave me back my passport... After a while, an agent behind the desk called my name and handed me my passport. “Can you tell me what’s going on?” I inquired. “Take your bags to the secondary agriculture check,” was the reply. So, that was a “no.”

Kennett was finally cleared to go when a more thorough search revealed that she was not in possession of a banana. But she says she was added to a watch list of banana smugglers and every time she traveled for the next year she and her family were escorted to “agriculture jail” and sent through secondary screening.

Photo by Alberto Bigoni on Unsplash

  Read the rest

Read the whole story
cosmotic
134 days ago
reply
Fuck.
Chicago, Illinois
Share this story
Delete

Can You Solve the 'Hanging Cable' Problem, Used as an Amazon Interview Question?

3 Comments
An anonymous reader shares a problem that Amazon asks in its interviews: A cable of 80 meters is hanging from the top of two poles that are both 50 meters off the ground. What is the distance between the two poles (to one decimal point) if the center cable is (a) 20 meters off the ground and (b) 10 meters off the ground?
* <><><><><>

<><><><><>
Read the whole story
cosmotic
139 days ago
reply
TLDW: it's a trick question, no calculations needed. Polls are 0 meters apart since 50-10=80/2
Chicago, Illinois
Share this story
Delete
2 public comments
zwol
139 days ago
reply
This is like the company once heard of Fermi problems and has been playing telephone with the concept.

Regardless, if someone sprang this on me I would say “I would have to look up the formula for that, shall I demonstrate my ability to do so?” and if they didn’t accept that I would walk out.
Pittsburgh, PA
tingham
139 days ago
I've already been through this interview. At least I had a nice cheeseburger on sourdough while I was there.
jepler
139 days ago
reply
no, I couldn't do it on the spot. your favorite interview question is dumb.
Earth, Sol system, Western spiral arm

Why Are We Polarized? Don't Blame Social Media, Says Ezra Klein

1 Comment and 2 Shares
The Vox editor explains why there's no chapter devoted to Facebook or Twitter in his new book about how the US is more divided than ever.
Read the whole story
cosmotic
146 days ago
reply
I blame professional sports
Chicago, Illinois
Share this story
Delete

America Must Not Become Socialist, Lest We Abandon What Makes Our Country Awful

2 Comments and 6 Shares

According to a recent Gallup poll, the majority of Democrats have a positive view of socialism. With the rise of Bernie Sanders as the clear and obvious front runner for the Democratic nomination, it seems Americans are starting to warm to the idea of a more socialist America. But America must never become socialist, lest we abandon what makes our country awful.

If America embraces “Venezuelan-style” socialism, a term we all know the meaning of that I will refuse to explain, make no mistake — America will no longer be the land of the free that all of us wealthy white people know and love. Just take a second and think about it: healthcare that woefully lags behind the rest of the world, crumbling infrastructure, a corrupt and incompetent electoral process. And now, stop thinking about America, and start thinking about what it’s like in Venezuela. Under socialism, Americans might have to ration their medicine — and not just their insulin, like we currently do. Americans will be forced to spend hours waiting in long lines at the hospital, instead of spending that time with your family, huddled around the phone with a Kaiser Permanente customer service rep, as you try to understand why you were billed three grand for an x-ray.

Americans need to understand that a socialist government, while sounding good in theory, would ultimately result in totalitarianism. A socialist government could use its power to spy on its citizens, listening to their phone conversations, reading their email, even watching them through their laptop cameras. In America, our intelligence agencies can only do those things if they lie to Congress about it first. Our Founding Fathers created this illusion of checks and balances to keep every facet of our government equally unaccountable. If that feels undemocratic or authoritarian to you, know that capitalism allows for private tech companies, like Amazon, Google, Facebook, Apple, and Microsoft, to sell you the home assistants that make our surveillance state function. A socialist government would merely invade your privacy, forgoing all that juicy profit! The American free-market creates competition, and competition pushes these tax-dodging corporations to be better, so they can do worse by you, the public. And as we all know, private industry is far better at infringing upon your rights than the government.

A socialist government just can’t effectively govern — one only needs to look to Venezuela, the only socialist country I can think of. In socialist Venezuela, there is a question about who the rightful president is — is it the man the people elected, or is the puppet our government is desperately trying to install? Who can tell? It’s total chaos brought on by decades of American imperialism down in socialist Venezuela. Luckily, in America, we know exactly who our president is — it’s the man who was just declared innocent in a sham trial with no witness and a jury predisposed toward acquittal. No confusion, no instability — the president is the rapist reality TV show host. And yes, while it may be concerning that Trump is in lockstep with the legislative branch that was intended to limit his power, he is not a king. The ever-expanding scope of the executive branch ensures he has far more power than any 18th-century monarch could ever dream of — exactly as our Founding Fathers intended.

You will not find freedom in a socialist country, and it’s our freedoms that make America great. By no rational account, we are the freest country in history, and we have armies all over the world losing wars every day to defend those freedoms. The freedom for your landlord to charge you whatever they want. The freedom to pay back your exorbitant student loans over however many decades you decide. The freedom to walk into a grocery store and select one of the hundred different brands of cereal made by one of two global conglomerates. The freedom to vote for whichever candidate the DNC wants you to, if the iPhone app their idiot stepson designed somehow manages to function. And it’s that last freedom, the right to participate in our democracy, that’s the most important. In America, we believe that anyone with money can participate in our corrupt political process. One billion dollars equals one vote, no matter who you are.

So young people, people of color, women, the LGBTQ community, the working class, and anyone else in the overwhelming majority who are considering voting for Bernie Sanders — mark my words. America is not, and never will be, a socialist country. We will become Nazis before we ever allow that.

Read the whole story
cosmotic
147 days ago
reply
Chicago, Illinois
Share this story
Delete
2 public comments
jlvanderzwan
147 days ago
reply
The worst part is that there's voters out there who can still be Poe's Lawed by this.
satadru
147 days ago
reply
Savage
New York, NY

$11 Billion And Counting: Trump's Border Wall Would Be The World's Most Costly

1 Comment and 3 Shares
A new section of the border wall is seen in November 2019 south of Donna, Texas. Trump

The costs keep piling up for Trump's border wall which has a current pricetag of $11 billion — nearly $20 million per mile. It's more expensive than any other wall under construction in the world.

(Image credit: Verónica G. Cárdenas for NPR)

Read the whole story
cosmotic
170 days ago
reply
Don't forget the deconstruction cost of inevitably removing the wall.
Chicago, Illinois
Share this story
Delete
Next Page of Stories