Again, folks say the cookie banners are not required, but even the EU web managers are unable to build a site without them. So maybe they are "practically" required for all sites?
> they're putting the exact same shackles on their domestic tech industry
The Digital Markets Act is an attempt to fix this by targeting the American tech companies specifically, without explicitly naming them in the law. I would venture that the DMA is why Gemini isn't available in the EU right now, like it is in the rest of the world where US companies are allowed to do commerce.
Actually they are not targeting big tech companies, EU made legislation to protect its citizens from being exploited in various ways, the big tech companies are targeting themselves by employing practices which aim to exploit users (including EU citizens) in various ways.
This entire thread is weird trying to blame EU when OpenAI has ChatGPT rolled out and Google does NOT roll out Bard. Then it is obviously NOT the regulations, but rather Google trying to do shitty stuff or just not being ready
The poster doesn't seem familiar with the DMA. A key point of the DMA is a framework to lay out objective criteria which can be used to identify gatekeeper businesses.
Given the timing of the most recent EU review plus where OpenAI was in its growth curve at that time, they simply didn't fit the criteria, which were written to allow companies as big as Spotify to escape the regulations.
On the second point, you were replying while I was updating my comment, sorry about that. I know it's a controversial opinion, but from the perspective of the EU, I think having regulation that effectively only targets US Tech makes sense for the reasons mentioned above. It may not exactly be 'fair game', but to anyone who thinks the US isn't doing the exact same thing, I'm sure Airbus executives for one would have some enlightening stories.
On the first point, I think user rights trump developer convenience, so I stand by what I said.
> having regulation that effectively only targets US Tech makes sense
I agree, this may be good for Europe in the long term. However, one would expect to see the protectionist measures coupled with similar measures intended to generate competitive native alternatives. Limiting the expansion of Boeing is great, as long as you have Airbus. Without Airbus, you're starting to make some real compromises.
> to anyone who thinks the US isn't doing the exact same thing
US is currently playing both sides of this in the chip space in an attempt to wrestle some of the power back from China. Unlike the DMA, the US effort is putting a lot of money on the line to help build local alternatives.
IIRC Cliqz was an EU-financed search engine project that looked like it was going to be a contender, but I think Covid killed it. Projects like that could be the way.
Yeah, while I think some of the tech-related EU regulations like GDPR are a net benefit, the idea that you could become a leader in AI through regulation seems ludicrous to me.
In all fairness, there are some genuine European players in the AI space (eg Mistral), and they also produced one of the early global hits (StableDiffusion, which was largely developed in Munich afaik). But if you look at the overall footprint in AI (research output at top conferences, patents (which are basically impossible to get for anything software-related in the EU),...), Europe seems at risk of hopelessly falling behind. And in the face of that, it's concerning that policy makers' chief concern seems to be further curtailing it.
It's not just a question of whether or not there are banners. For corporate websites these banners are often designed to be as confusing as possible as to make turning off spying the least likely option chosen in aggregate.
That's also not legal though, and there's been moves to make DNT in browsers be enforceable as a user explicitly not consenting.
The laws themselves say that rejection should NOT be more difficult than accepting. You can make it as complicated as you want, only if the acceptance process is equally or more complicated.
Nothing to do with lawyers. They just don't set aggressive tracking cookies. How they internally settled is the real miracle. In almost every other company the marketing dpt "won" over UX.
What I never quite understand is the analytics issue. We had server logs for analytics long before everyone started using cookies for that.
In my opinion the cookie part of GDPR is clearly bad regulation. It requires cookie banners for some things that are not privacy issues. And at the same time it doesn't institute a sensible consent mechanism that doesn't in practice amount to constant harassment.
> We had server logs for analytics long before everyone started using cookies for that.
IIRC a server log that retains IP addresses is covered under GDPR and may itself require disclosure via e.g. a popup. (IP addresses are part of the protected class of personal data.)
More to the point, server logs != modern Web analytics. Modern Web analytics require someone to ingest lots of data and run an app to allow users to analyze that data. Common practice outside of sensitive industries like healthcare and finance means offloading all of that ingestion/storage/management/analytics to a third party, hence 3P cookies.
>IIRC a server log that retains IP addresses is covered under GDPR and may itself require disclosure via e.g. a popup. (IP addresses are part of the protected class of personal data.)
It is covered under GDPR but I think the general consensus is that server logs containing IP addresses do not require consent. You just need a legal basis for collecting the data and this has to be spelled out in the privacy policy.
>More to the point, server logs != modern Web analytics.
Being "modern" is not a sufficient explanation for why it is necessary. Using third party services does not generally require consent either.
> Being "modern" is not a sufficient explanation for why it is necessary.
It's considered commercially necessary because reading through logs is not as effective as using a Web tool like Google Analytics for the task of understanding what users are doing on a website.
If you want to make the argument that there's no difference between using e.g. Unix tools on a log file and using a tool like Google Analytics, that's your prerogative. But the industry as a whole disagrees.
> It is covered under GDPR but I think the general consensus is that server logs containing IP addresses do not require consent.
It depends on the legal basis. If you store these IPs to render service or combat fraud, you might get away from explicit consent. However, if you use and store these IP addresses for analytics, then it is a very different conversation.
GDPR is not just about what and how you collect and use data.
Again, folks say the cookie banners are not required, but even the EU web managers are unable to build a site without them. So maybe they are "practically" required for all sites?
> they're putting the exact same shackles on their domestic tech industry
The Digital Markets Act is an attempt to fix this by targeting the American tech companies specifically, without explicitly naming them in the law. I would venture that the DMA is why Gemini isn't available in the EU right now, like it is in the rest of the world where US companies are allowed to do commerce.