It's not 'a large block' it's just a large enough market, relative to a smaller market.
Most things in Canada are dictated (or influenced) by US standards.
Also, the EU is not quite big enough to force those manufacturers into 'same standard' on a global basis. The US actually might not be either alone. It's entirely feasible they could make $ by using different chargers in 'the remaining 80% of the world'. They don't do it partly for the reg, but mostly for other reasons.
Apple breaks other industry norms all the time for other product features, they do it for hardware revenues, and they can do it because they have market power which nobody else quite has, though maybe Samsung could try.
Which would lead to data portability issues with the EU. A number of companies I deal with have decided to host their data in the EU (even for UK source data) as a result of Brexit.
Well, you'll be able to hear the shrieking from here if Britain is ruled not to have an adequate data protection regime.
The EU basically doesn't enforce the regulation against the US because we're too big a software partner for the rules to apply. I wouldn't bet the UK is going to get the same realpolitik exception.
If UK privacy law starts to deviate significantly from GDPR then the EU commission will not hesitate to withdraw its 'equivalence' decision on UK privacy rights [0]. This will hamper the flow of data from the EU to the UK, the costs of which to UK businesses will more than offset any "Brexit dividend for individuals and businesses across the UK" that the culture secretary is seemingly so keen on obtaining.
Of course, these kinds of nuances tend to get forgotten by those who think they can secure better trade deals by spending £200M on a boat [1].
> Culture secretary says move could lead to an end to irritating cookie popups and consent requests online
No it won't. Unless you ban EU citizens visiting your website and your website doesn't make business with other businesses in EU.
> Britain will attempt to move away from European data protection regulations as it overhauls its privacy rules after Brexit, the government has announced.
Other countries like Canada implemented GDPR directive. EU required this from Canada, Japan and other countries to make some custom/tariff-free deals. Looks like UK wants to break away from dealing with EU at all?
> Unless you ban EU citizens visiting your website and your website doesn't make business with other businesses in EU.
You can simply break the law and ignore the EU. The cookie popup sanctions are not criminal and unless you are very high profile business, nobody cares about you. Nobody is going to come after you.
The only regulator that international developers need to worry about is the SEC from the United States, because they pursue for US victims cross border. But to get on the bad side of the SEC you need to do something really stupid.
The maximum fine for breaking the GDPR is up to 4% of your global turn over. If it gets to that they can seize any assets in the EU, including any revenue earned in the EU up to the amount of the fine. Potentially directors can attract criminal risk by refusing to pay the fine(s), leading to an international arrest warrant. Obviously this is the most extreme case, but it generally is easier to just comply with the law like a reasonable person.
I filed several complaints with unauthorized newsletters and failing to comply to my GDPR requests. German officials went after the companies and asked them to provide the necessary information. For sure it took its time but it worked and for the companies it's been a warning shot.
Irritating cookie popups are not mandated by GDPR; the opposite is true and most cookie popups are non-compliant with the legislation.
If the ICO (UK regulator) actually did its job then this would be solvable under the existing powers, but it's done very little:
Also, the cookie popups are not an immediate consequence of GDPR, but rather of its interplay with another directive from 2002 [0]. The EU has of course taken notice of the irritation of the public and is trying to improve on the state of affairs with the proposed ePrivacy Regulation [1].
Practically the UK must maintain an adequacy agreement with the European Commission so any changes would necessarily be constrained by that. Given that much of what became the GDPR was developed by British civil servants and in line with what the UK wanted to achieve at the time I suspect there is more than a little showboating going on here from HMG.
> No it won't. Unless you ban EU citizens visiting your website and your website doesn't make business with other businesses in EU.
I strongly dislike the move too but this is true. The popups are often based on geolocation by ip. Jurisdictions with GDPR get the pop up and those without don’t. If you want to test this go to the Washington Post on an EU/UK ip and an American ip, clearing cookies in between visits and see the difference for yourself.
I didn't think the cookie law is actually an intrinsic part of GDPR. But I could be wrong. I know you are supposed to make it clear that you are collecting data, and allow opt out.
So, I can see the political point in "setting fire to the cookie law" whilst basically being GDPR in all but name.
However, given the power of the present government to cock things up, I suspect they are going to make some stupid changes that threaten our equivalence with the EU. The EU will happily remove it, thus making it harder to trade in the EU.
I notice some murmuring about science. I suspect that means they'll try and make it simpler to wholesale sell off the fetid datamine that is NHS medical history. However if we are lucky, they'll also undermine the concept of informed consent for anything to do with research/data, which will be fun.
> I didn't think the cookie law is actually an intrinsic part of GDPR
Because it is not. [1] It was part of the ePrivacy directive, it has been amended since. The TL;DR is: today, if you don't use cookies for tracking and/or ads, you're fine. Just put a cookie consent checkbox on the user login form, and your website will have a much nicer user experience.
If you show a cookies consent modal before your visitors can access anything, either:
* you have personalised ads with global tracking. (~= criteo, amazon ads, or google adsense)
* you're using a globalised analytic tool. (~= Google Analytics)
* you're following an outdated version of the ePrivacy/GDPR directives.
They say you don't need cookie consent for login form. Login form is an obvious authentication, opt-in even. You need cookie consent when you authenticate user stealthily - how Google Analytics does it.
> I know you are supposed to make it clear that you are collecting data, and allow opt out.
Just to be clear, the GDPR requires opt-*in* for any data for which you do not have a legitimate interest - that means you need consent before you start collecting.
As is well documented here, it's not intrinsic but it's the pragmatic outcome i.e. 'it's what is happening because GDPR and the state of the web'.
So it's one thing to point fingers and say 'the law doesn't require it' it's another to recognize that's where the equilibrium landed and that at least some kind of problem still exists.
I personally think there's actually a win-win and that we can have our cake and eat it as well, but these popups are a good indication that the laws as designed are not that.
And now lots of companies who are hosted in the UK are going to have to move out of the UK to stay in compliance with GDPR.
I actually chose my newsletter service based on the fact they were in the UK and therefore compliant with GDPR due to the fact I saw Mailchimp wasn't.
I don't think they're going to have to move, just remain compliant with the GDPR rules. UK businesses still have a lot of customers in the EU, and will have to comply with the GDPR to continue their businesses, so I very much doubt much is going to change.
If there is sufficient deviation from GDPR (who knows what will happen from this speculative article alone), the UK will probably lose its adequacy to transfer personal data, which will materially impact how international organisations can transfer data. In fact the recent UK-EU adequacy decision explicitly states this [0]:
'For the first time, the adequacy decisions include a so-called 'sunset clause', which strictly limits their duration. This means that the decisions will automatically expire four years after their entry into force. After that period, the adequacy findings might be renewed, however, only if the UK continues to ensure an adequate level of data protection. During these four years, the Commission will continue to monitor the legal situation in the UK and could intervene at any point, if the UK deviates from the level of protection currently in place. Should the Commission decide to renew the adequacy finding, the adoption process would start again.'
The impact of a loss of adequacy will be significant on UK service providers, as it will become significantly easier from a regulatory perspective to just host within the EU for both UK and EU customers than to deal with the hassle of using UK datacenters.
Does it support creating emails from RSS feeds though? Don't see it mentioned. When I make a blog post, mailchimp reads the RSS feed and sends an email to subscribers.
Uh oh. I was worried they might start messing with GDPR. While GDPR can get complicated to comply with, it is a measure that I wholeheartedly support as a user who values their personal data.
Having something is better than having nothing. At least now there is some hammer for security/etc. people to use to get something sane how data is stored and handled.
The GDPR should specify a standard cookie banner that must be used, some of them are beyond a joke. Google (for shame) has the most horrible, obnoxious dark-pattern banner, that they have obviously worked on to make as unfriendly as possible, while looking as benign as possible. I've never once in my life bothered reading the walls of script and check-boxes before clicking the most convenient button I can find.
The grand majority of them aren't really complying with the law as they default to cookies on and use a series of dark patterns to avoid you turning them off. But so far the regulators haven't been dealing with the problem. But it's well within their power to do so and fix it so there is a simple dismiss button and the default is no cookies if they start enforcing the law they have.
Ironically The Guardian itself is violating the GDPR, doing precisely what you described. And this harms the reputation of the law as it gets associated with annoying and ineffective pop-ups.
It is downvoted because you say something is a failure without backing it up, when GDPR is actually a success for privacy and consumers everywhere.
1. Marketing consent has now to be explicitly asked for when signing up for any service. Companies cannot enrol you to one if you didn't ask for it.
2. Right to be forgotten. You can request a company to erase all your private data they hold on you.
3. Companies have to legally report data breaches within 72 hours after becoming aware of it.
4. Penalties for companies who do not take privacy seriously.
5. Companies can no longer just hoard sensitive/private data unless they have a reason for it.
6. Selling private data from company to company now requires original consent from the user (this stopped a lot of businesses selling lists for lead gen, call centres, etc)
7. Companies treat private data as a liability now, making them ask themselves additional questions whether it needs to be stored or processed at all, and if so, put additional security fences around it.
This list can go on for ages. I don't see these benefits and additional rights for hundreds of millions of people out there as a failure. It's a win win for consumers.
One example is data retention. Previously, data could be and was just kept around forever. With the GDPR, when you delete stuff, you can now expect it to actually be deleted from backend storage, usually within 30 days or less (yes, there are exceptions). This is nice, since it does limit your exposure in case of a breach. Speaking of breaches, they also have to be reported in a timely manner. Without the GDPR or equivalent, companies are free to suppress that as long as they want, and have done so.
I agree with removing the cookie requests. 99% of people just click the big green "AGREE ALL" button because they're too busy to go on a box-ticking exercise. I hope other aspects of GDPR remain in place though, and have to agree that we should be cherry picking the rules that make sense to UK businesses and users.
The EU's upcoming ePrivacy Regulation[1] proposes, among other suggestions, to move cookie consent into the browser:
"Simpler rules on cookies: the cookie provision, which has resulted in an overload of consent requests for internet users, will be streamlined. The new rule will be more user-friendly as browser settings will provide an easy way to accept or refuse tracking cookies and other identifiers. The proposal also clarifies that no consent is needed for non-privacy intrusive cookies that improve internet experience, such as cookies to remember shopping-cart history or to count the number of website visitors."
A lot of these cookie requests that are the most cumbersome are themselves GDPR violations.
You should have the options to agree or disagree to non-essential cookies presented equally, and then can offer the granular box ticking for people who really care that Google Analytics can use their data but Google Ads cannot.
People complain that the EU's own websites have cookie banners, but if you compare the banner on europa.eu, to say, IB times which is another link on the front page currently. The europa.eu one has two equal options, no BSing about legitimate interest claims for tracking that wouldn't hold up. The IB times one on the other hand has a totally unneeded splash screen, you then need to click manage settings, and for each purpose you need to enter it and disable extra toggles for "objecting" that are basically another layer of opt out consent since they know consent is opt in (but to my understanding if you don't go to manage settings at all and just click the go away option, they will treat that as affirmative consent).
The ePrivacy Regulation is working to clarify the interaction with the ePrivacy Directive which leads to people asking consent for "essential"/non tracking cookies like shopping carts or the "Remember I didn't consent to tracking" cookie.
A big green "AGREE ALL" button is explicitly non-compliant, though.
In theory one could preemptively block all consent popups and requests and continue to surf the website without being tracked, if the GDPR had any teeth.
I also browse with Brave, and use their inbuilt "shields" feature to block 3rd party/cross-site cookies. I don't install any additional browser plugins.
Would be nice to kill all the consent-popups, as you say.
No I do not - in this case 99% = most people. I think only a small percentage of the population understand what a cookie is, and an even smaller percentage of those who care about their privacy enough to go ticking those boxes.
Personally I would prefer something streamlined, but only if it allows individuals the same or better choices. And I would not want a situation that led to irreconcilable differences with the GDPR, the hassle of non data portability would be too great.
The reason the GDPR failed and was more an annoyance than a solution is because of its lack of enforcement and the total incompetence of the ICO.
All the annoyances that seem caused by the GDPR such as the annoying and misleading consent popups are explicitly forbidden by the GDPR and do not count as compliance.
If the ICO was doing their job and was using the powers the regulation is granting it (such as the fines everyone was fear-mongering about) it would've quickly forced those websites to comply and stop the annoyances.
> The reason the GDPR failed and was more an annoyance than a solution is because of its lack of enforcement and the total incompetence of the ICO.
I don't think it is clear that GDPR has failed. Companies actually think about data privacy now, to a much greater extent than they previously have. For example shady practices by the likes of google and facebook have come under the spotlight and companies do face significant GDPR fines when they mess up e.g. this 890 million euro whopper for amazon [1].
The GDPR most certainly has not failed, in fact it is gathering steam. Compliance is increasing, more and more consumers are becoming aware that this law is working to their benefit, and fines are getting more substantial against those companies that have unilaterally decided the GDPR does not apply to them.
Of all the legislation that has come out of Brussels I would count it up next to the successes, similar to the roaming charge law and the one about phone chargers.
Gathering steam is right - people often underestimate the power of nation states (and blocs of nation states) because they can take a while to react. But it's like steering a supertanker - slow to turn, but once they're finally going in the intended direction they're impossible to ignore.
I can count multiple times where GDPR has improved my life as a customer and even as an employee. GDPR was a landmark success in my opinion, especially after the failure that was the cookie law.
I don't think GDPR has failed. In fact, there have been multiple times where I have been happy that it exists, since I knew that companies were limited in their ability to save data about me.
You can probably "thank" the EU for not having to carry around individual LG, Samsung, Anker, Sony, Apple, whoever charging bricks:
https://en.wikipedia.org/wiki/Common_external_power_supply