The standard popups are 100% against the GDPR. In the GDPR, all consent must be explicit, uncoerced, and opt-in. If I recall correctly, there can be a request displayed to the user, but the "No tracking" option must be the default, and must not require any more user interaction than the "Yes tracking" option. If there is a "Yes tracking" button that immediately closes the banner and continues, then even having a "are you sure" dialog on the "no tracking" button breaks the GDPR.
The GDPR gets this exactly right, and advertising companies are flagrantly breaking it. I'm hoping that there is actually some enforcement on it as well.
Everyone here seems to be unaware of article 7, section 3:
>The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.
Are there some semantic games being played here whereby the initial “Accept vs Customize” dark pattern dialogs don’t count as “withdrawing” consent because no consent has been given at that point? I.e. the annoying path of clicking Customize isn’t actually the withdrawal process, but is just the method of gaining acceptance?
They're definitely trying that as a loophole, but it won't hold up. "No action/response" can't count as consent, and so if you never granted it, then they don't yet have it to begin with and aren't allowed to collect.
> Silence, pre-ticked boxes or inactivity should not therefore constitute consent.
> If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.
Then you get nowhere. The actually compliant popups (maybe about 1/3?) have a really hard to see "reject" button somewhere, while the others make it impossible or force you to click "learn more" (of course customzation options are behind that, very logical yes) and deselct everything manually.
Asshole design ("dark patterns") should be illegal generally, but in this case it already clearly is. Can we have some enforcement, already? Ideally for both buyers and sellers of the terrible stuff.
Yes, and a lot of dismiss buttons -- not just for this, but all kinds of ads/pop-ups -- flat out don't work on mobile landscape mode, which gives them plausible deniability.
The GDPR gets this exactly right, and advertising companies are flagrantly breaking it. I'm hoping that there is actually some enforcement on it as well.