IMO data should be radioactive for companies, especially if it approaches PII. Companies should be forced into thinking deeply about every single bit of data they collect from people, and they should be terrified of receiving data and be chomping at the bit to get rid of it ASAP.
To intercept the usual argument of "But my business can't exist without all this data!", to that I say "Good!". If your business can't exist without tracking every single iota of your customer's existence, then it truly shouldn't. I couldn't tell you the amount of times I've had to fight back against implementing yet another tracking tool at work, just to collect data that I know for a fact no one will look at after the first few weeks of the tool being there. The amount of times I've heard some stupid shit like "Well we don't need this data yet, but what if we need to have their mother's maiden name at some point in the future?!" is depressing, and I'm glad that we're starting to have legal channels to push back against such idiocy.
You have an issue with customer behavior so you set up tracking to understand it.
Keep it running for a few days, then check on but the tracking doesn't output meaningful data that you can exploit to solve your issue.
At this point, you search for alternative tracking but do you disable the old one ? What's the benefit ? Either it's free or cost very little, none of your customer know they are being tracked and in the eventuality it may become useful later on you keep it.
Repeat a few times and you end up with bloated website that tracks where you were, are and will be. What you're watching, cursor position, scrolling, how long you spent watching that image or these one, have access to every technical details about your device because it's required for fingerprinting, all while no one actually is exploiting the data.
It's junk yet you collect it because it's free.
If there was a meaningful reason to limit the number of tracking, like the law and fear of getting sued, then it would be a different story.
> IMO data should be radioactive for companies, especially if it approaches PII. Companies should be forced into thinking deeply about every single bit of data they collect from people, and they should be terrified of receiving data and be chomping at the bit to get rid of it ASAP.
100%. Unless a cooperative model (like most businesses should be run, bit that's a different issue) exists in which I am compensated for you having my data. At that point all the time and friction I have to spend/deal with because all of you have my data is worth it. Right now all this friction in my life because you have my data and I'm dealing with your beaches is "paid" for by me, and that's lame.
> IMO data should be radioactive for companies, especially if it approaches PII
It's pretty much the idea of GDPR. The wording of the GPDR is "You should make your systems private by design", which they explain as "Store PII only you really have no choice"
In this case, the legal ruling means that even if they somehow fix their consent, they have to remove all the data they currently have! Also all their clients need to remove all the data. Having to tell your customers they have to remove all their data ought to completely kill their business.
That being said, it will likely not happen: It's not the first time they lose a ruling and I'm pretty sure no-one removed any data, despite being required to...
I hate that people don't look up the details on laws.
GPDR says that all governments are the ones judging whether the GDPR is violated (meaning not the courts), for example the https://ico.org.uk/ and they even formalized an exception process. You cannot sue a company for GPDR violation, you can report it to a government department that may or may not decide to action your report, that's it. GDPR only allows for the government to intervene directly in the private sector.
Needless to say, all governments have used the exception process to carve out blanket wide-ranging exceptions for themselves, for state owned or partially state owned enterprises (police, government departments, police, justice, banks, insurance, hospitals, doctors, incumbent telco's, ... exactly the people where GDPR protection would be critically important) that seem to grow in scope over time. For example the tax offices in the EU now have exceptions that allows them to mandate companies store PII as part of their regulations (meaning without an actual law).
And, in any case, if anyone violates your rights, there's nothing you can do with the GDPR. Try to get a hospital to empty your patient record and tell me how it goes (I wanted to do that after the hospital charged the insurance for an -embarassing- assessment they didn't actually do (it allowed them to charge a lot because it involves staying a few days at the hospital, I was in there about 2 hours). So I wanted it cleared of my medical record, which is one of the core things the GDPR allows for, it's given as an example in the law! Nope. Not allowed, and the government doesn't pick up the report)
> I couldn't tell you the amount of times I've had to fight back against implementing yet another tracking tool at work, just to collect data that I know for a fact no one will look at after the first few weeks of the tool being there.
I'm curious, how does such a conversation usually go? Is your main angle to point out how useless the data ultimately will be, or did you find a resonating way to point out the negative effects on users?
There's lots of ways to address it, depends on what the feature is. There's always ways you can spin it, like going the technical route: "That would require a new column which would add X to the size of the DB and thus our costs would rise by Y", "That would require X, Y and Z investment from these 3 teams just to add this 1 new column" etc. Usually the people pushing this stuff are non-technical so you can just give them any technical mumbo jumbo and they'll give up.
I also tend to highlight that we do have historical data that nobody is looking at as-is, what's different about this new data? What are the actual long-term plans for the data? Can we reuse what we already have for what we're aiming for here?
These days my default is "Oooh we'll have to check in with legal on that one, not sure if it's GDPR-friendly to include this new column like this". No one likes talking to legal unless they absolutely have to, so most will just drop it.
And unfortunately sometimes there's no winning it no matter what, so you have to "disagree and move on" as it were. If it's some manager's pet project, well, you're SOL for the most part.
> or did you find a resonating way to point out the negative effects on users?
Unfortunately I've found this to seldom work unless you're working somewhere where privacy is part of the value prop. Even pointing things out like "How would you feel if the DB were to leak and all your info were to be made public?" elicits 0 response. The marketing people and C-suite that push these kind of boneheaded things forward don't view the users as actual humans, they're all just numbers to them. Will this cause churn? How much? Those are the only questions that matter to them.
I think the current situation is actually quite good. GDPR was well thought out.
You need to be clear about what you collect, get clear consent (and all the courts decisions on that are actually going in the direction that it really needs to be clear and specific) and give people the ability to have their own data modified.
Plus, enforcement makes a lot of sense. Companies get a lot of warning before things escalte and fines are proportional to companies results so it hurts but is not a death sentence unless they repeatedly offend.
> Companies get a lot of warning before things escalte
Yeah, we once got contacted by our local DPA about some issues. Mailed us a list of issues they had with our site. I set up a call with them for some clarification, and they were happy to go into detail. Then they just said to mail them when it’s done, or they’ll just re-check after some months. They are interested in actually changing things, not in fees.
What you're advocating for has a few 2nd order effects.
1. Entrenches Google, Facebook, etc. because they are the only people that have enough money to comply with the regulation.
2. Makes the rest of the internet worse (e.g. people show MORE ads because they are less effective because they show me boats and I hate boats)
3. Makes data brokers even more important because companies can't get data anywhere else.
4. Reduces competition because the incumbents will always have more data than startups (Nike knows I wear a size X and the startup can't ever get that data)
Everything is a tradeoff. I, for one, would rather these regulatory agencies go after the 100,000s of data brokers that mine for SSNs, birth certificates, financial info, etc., rather than them going after Facebook, TikTok, etc.
Ads are here to stay, if you don't want ads, then ban ads, and with it most of the internet, but if people keep making terrible regulations like this that try to hurt big companies and get rid of ads and in reality, you just enable and feed these massive companies. Regulation makes them MORE valuable, not less. (see Meta stock price vs. Snap after ATT)
> 2. Makes the rest of the internet worse (e.g. people show MORE ads because they are less effective because they show me boats and I hate boats)
Back in the olden days, if you read a boat magazine, you’ll see ads for boat stuff. This was always fun for me — if I’m ready a motorcycle racing magazine, I’ll see ads for cool things that I had no idea existed and that would be useful to me. With “targeted” ads, it becomes an echo chamber — I see ads that are “tailored” for my alleged current interests, but nothing that helped me discover new things that I could become interested in.
What’s wrong with context-based ads? If I’m reading about Thailand travel, then the publisher should sell ads related to SE Asia travel.
Why am “I” being customized to rather than ads being relevant to the content?
If you want to reach boat enthusiasts, then advertise on content related to boats (or perhaps water sports, etc.) You then don’t need to track “me,” but instead you can track “boat content. That takes the personal data out of it. This keeps me from being followed around the web trying to sell me a vacuum cleaner I already bought.
> 1. Entrenches Google, Facebook, etc. because they are the only people that have enough money to comply with the regulation.
The article we're commenting on makes it clear the big guys aren't complying. Also, I reject the notion that you have to spend inordinate amounts of resources to comply, in fact it is the opposite. You don't spend money on data you don't store, after all.
Co. I used to work for is microscopic in comparison to FAANG, and we didn't have a single cookie banner or anything of the sort and have absolutely no problem complying with GDPR because we track nothing and collect nothing more than what is strictly necessary, mostly because of individuals like myself who push hard against any data collection that doesn't have a well thought out reason. Hell, even Github with their massive scale has no problem with not having cookie banners or anything else of the like. This is a problem of will, not resources.
> 2. Makes the rest of the internet worse (e.g. people show MORE ads because they are less effective because they show me boats and I hate boats)
Perhaps, but we're already drowning in them as-is. The internet is unusable without uBlock and DNS-level adblocking.
> 3. Makes data brokers even more important because companies can't get data anywhere else.
If we make data radioactive, then data brokers wouldn't be able to exist. What we need is stringent and broad laws that limit data gathering, period, regardless of the source. Whether you collect it yourself or pay someone else to collect it for you is completely irrelevant, both should be made equally painful. I'd also have no qualms with making sharing any data that you do collect even more of a pain in the ass and a nightmare for everyone involved, this whole gray market has net negative benefits to everyone.
> 4. Reduces competition because the incumbents will always have more data than startups (Nike knows I wear a size X and the startup can't ever get that data)
Why would Nike have this data in the system we're talking about (data radioactivity)? How is this data even useful to anyone, other than for tracking purposes to make a unique profile out of you? Companies shouldn't have this data unless it's a podiatric clinic or something like that, whether it be Nike or this imaginary Shoe startup that needs feet sizes for whatever reason.
I guess I could see there being genuine usefulness for people who have feet sizes that aren't the norm to find footwear that fits them, but there's no reason they have to have their entire essence tracked by every company on the internet for that.
> IMO data should be radioactive for companies, especially if it approaches PII.
That's an idealistic, but highly unrealistic, thought.
As long as a market exists that can profit from exploiting PII, and is so large that it can support other industries, data will never be radioactive. The only way to make it so is with regulation, either to force companies to adopt fair business models, or by _heavily_ regulating the source of the problem—the advertising industry. Since the advertising industry has its tentacles deeply embedded everywhere, regulating it is much more difficult than regulating companies that depend on it.
So this is a good step by the EU, and even though it's still too conservative IMO, I'm glad that there are governments that still want to protect their citizens from the insane overreach by Big Tech.
> As long as a market exists that can profit from exploiting PII, and is so large that it can support other industries, data will never be radioactive.
The EU bureaucracy machine can be slow moving, but has the potential to fix this. The stricter the rules, the simpler the implementation. You could cut a LOT of the administrative burden by specifying what data is allowed to be stored at all, instead of what isn't.
Big tech needs to be put in their place, and as others have commented; if this kills your business model, your business model doesn't deserve to exist.
As a customer, I want the ability to choose the way in which I pay a business I interact with, with the consent of that business of course.
Europe gives me less control of my personal data than the US would. I am no longer allowed to decide that I'd rather choose services that take payment in data instead of services that take payment in Euros.
I think people who disagree with this perspective should be accommodated. It's a valid objection and technology inherently favors monopolies, so you can't really have the Facebook equivalent of a vegan restaurant or gay club. I'm not against forcing (large) tech companies to offer tracking-free plans at reasonable prices for those for whom this is the right tradeoff.
What Europe is doing is just plain stupid, though, and it will be felt most by those who can least afford it.
> I am no longer allowed to decide that I'd rather choose services that take payment in data instead of services that take payment in Euros.
Google, Microsoft and Apple don't really give you a choice, you will pay in Euros for your phone/PC, and then you will pay in your data as you use it whether you like it or not.
It should be perfectly fine if people want to pay with personal information, as long that personal information has zero social costs.
A prime example is sharing information about DNA since that has a social impact on relatives. Less obvious problem would be people in a position of social position, like say a judge or jury, since access to personal information in that situation provide unfair position of power in society. It also is a problem with voting, since access to voters personal information has a high risk of influence elections.
To take a more direct example, if you are paying your email provider with data, then you are also selling the information of anyone who send their emails to you. The sender is in an impossible position in that they can't know who the email provider is of a recipient (email forwarding is a thing), so the social cost is on the recipient if they sell the information.
> it will be felt most by those who can least afford it.
This sort of business model is problematic precisely because the poorest can't afford to refuse - that's a feature not a bug. Privacy is deemed a human right, and human rights shouldn't be for sale.
You could make the same argument supporting the legal sale of human organs, but as a society we've decided that kind of "payment" strips the poorest of their dignity and human rights.
The business model is inherently predatory for other reasons too. People see what they get right now - "free" access to the website they're on, but they're completely oblivious to the real costs because they're abstract, too many steps removed from each individual's actions, but they're very real and damaging in aggregate.
What you just described is actually only possible with data protection law. In Germany there are websites that ask you to accept ads and cookies or else u pay the monthly subscription fee. Without data protection law you likely just don't get the choice.
Btw, the ads fee are priced in when you buy stuff.
I don’t understand where this is coming from. Isn’t Meta offering to EU users exactly the choice you are describing? (Even though in the case of the subscription we can’t really be sure they also don’t still use your data.)
> data should be radioactive for companies, especially if it approaches PII
Cute theory. Fails in practice. Especially with LLMs on the horizon, this would be tantamount to unilateral nuclear disarmament. (Practically, it fails in that we haven't quantified the cost of breaches commensurate with what those of us who are security minded estimate it to be.)
I have advocated for privacy issues for a short while. "Data is radioactive" is the "defund the police" of our movement.
What do you mean? Why do LLMs need user data to operate?
On a side note, I also don't understand your comparison to "defund the police" - were there any places that fully applied it and demonstrated that it "fails in practice".
Don't agree entirely, at least in italy you can tell chatgpt to not use your chats to train other models. Well, it's still going to be using memory if you tell it something, but whatever info you give theoretically should remain there and not be used afterwards
> Especially with LLMs on the horizon, this would be tantamount to unilateral nuclear disarmament.
We should also be hoping for unilateral nuclear disarmament (I get your point on the infeasability though), but I don't see the parallels here. LLMs don't need personal data to work (I'd even imagine such data to be better off left out of the training data anyways, caveat for celebrities), and regardless of everything else whether the AI hypesters are to be believed about how world-changing AI/LLMs will be remains to be seen.
Also, as the OP article suggests, we can and are doing something about it. Things aren't perfect yet, but GDPR itself has already made huge waves and have made things better. From how I interpret this ruling, the dark pattern cookie banners are being scrutinized and are being put under the knife, so there's some hope that things will soon improve on that front.
> I have advocated for privacy issues for a short while. "Data is radioactive" is the "defund the police" of our movement.
Except we can already see a shift in the masses and their opinions here. People are becoming cognizant of the sheer amount of data all these tech companies harvest on them. I am consistently getting more and more of my non-technical-in-any-capacity friends asking me how to safeguard their data better, so I'm quite hopeful we're going to get there. All we need is to actually fucking hurt the FAANGs and their ilk. Cut the head off the snake and all that, if we actually hurt Meta as we should've a million times by now, then all the smaller players will automatically fall in line for fear of a similar world of hurt.
"Personalized" advertising isn't good for anyone except the ad networks.
It isn't good for consumers whose privacy is being violated as they are being annoyed with unwanted, irrelevant ads and they get charged higher prices due to the cost of the advertising.
It isn't good for companies buying the ads by participating in sham "auctions" with no real insight into or control over the process. They are literally begging to be ripped off.
It doesn't have to be this way. "Context sensitive" advertising is more privacy respecting, easier to implement and monitor and can be more cost effective.
Example: The fact that I recently shopped for and bought a car is no reason to show me auto ads on a web site devoted to pet supplies. There is a logical disconnect here because context is ignored in favor of "personalization".
Those paying for these dumb "personalized" ads are wasting their money and my time and bandwidth because I already made a purchase. I'm not making another one any time soon.
By the way, this doesn't really happen to me any more because I now block these "personalized" ad networks. And you should too --- it's the only logical recourse to this stupidity.
> It doesn't have to be this way. "Context sensitive" advertising is more privacy respecting, easier to implement and monitor and can be more cost effective.
This is what launched Google's money printing machine: Showing ads matching the current intent (current search) thus solving a current problem.
> It isn't good for companies buying the ads by participating in sham "auctions" with no real insight into or control over the process. They are literally begging to be ripped off.
You seem to think that companies have a choice. I've been advertising for years, Google has been rolling out the standard ads in favor of automated "personalized" one for a long time.
They kept removing features again and again.
In more of removing features and making basic ads impossible to use, they have a team of people that will keep calling you and to offer you 'guidance' on how to run your ads. These guidance almost always revolved around enabling the automatic advertising algorithms and disabling your old school ads.
I consider myself quite smart with internet things but even me, at some point, got baited into switching to these automated ads because at the end you run a business that is completely different from marketing and it's not your core business. You're not expert into marketing and especially not into Google ads so it's easy for these experts to trick you.
I have seen my money syphoned by these automatic techniques with quite bad roi.
And all these self made people or very small companies (which represent the vast majority of the business), they are just as easy target for Google than I was.
Big companies can afford ads consultant that will run the advertising campaigns and optimize everything, but small ones are stuck doing things themselves on a system that is purposely made to hand over your money and let the computer do it's 'magic' with targeted advertising.
And if you're not happy with Google, what you gonna do ? It's not like there is competition. Everyone use Google, Google is a monopoly.
I tried switching to bing ads, Facebook ads, but its just not possible. No one use bing. Facebook leads were never as profitable as Google one, at least in the market I advertised.
You know you don't actually need Google to advertise, right?
I was hosting websites in 1998 when Google was still in Larry Page's garage. We sold ads the same way magazines and newspapers always have: we had a sales staff and they did their job well. There's no reason we can't go back to that.
The other case for personalised advertising is when a purchase is almost made.
I was recently searching for a toy across Etsy, Ali Express, eBay. I didn't buy it. A day later, I saw 'suggested' purchases on Amazon for the same toy. I boycott Amazon, so I don't often visit their website.
I normally block (successfully?) almost all of this advertising, so I find it particularly creepy when I receive it.
I agree. But in the crappy experience topic, it seems to me that this is just bad engineering. If I were to build an algo to show personalized ads, I would definitely account for the likelihood of someone wanting to buy 2 consecutive cars vs a car and maybe some car related products. How was that decision made, because it seems that an entire industry adopted this and called it a day.
There's no incentive for the ad platforms to account for that, real-time bidding will make money for them no matter the experience of the ad being showed.
If you get another ad for a product you already bought the advertiser already paid for placement, a click through is just a bonus on top of that. Even more when information is so secretly guarded that any analysis of the impact of an ad is extremely flawed, it hasn't solved the old adage from John Wanamaker:
> Half the money I spend on advertising is wasted; the trouble is I don't know which half
It's meant to be that way, the ad platforms do not want advertisers to know what is waste and optimise their ads further than what's needed to keep them advertising, they just need to throw some bones here and there, convert a few people through clicks, to make themselves look indispensable.
How was that decision made, because it seems that an entire industry adopted this and called it a day.
Easy --- advertisers pay for bad ads the same as good ones --- why bother stopping the bad ones?
Convincing so many advertisers to just blindly trust the system and buy into the concept of black box "personalized" advertising is actually the real marketing coup here.
According to some stats, global use of ad blockers is now over 40%. Once it exceeds 50%, I believe this stupidity will slowly start to die out.
> are wasting their money and my time and bandwidth
_You_ think it doesn't work, but it does. Or at least 'on average' it does. As for your time, perhaps you value your time. But again, 'on average', there are so many people spending hours and hours on Insta, TT, etc. and those people clearly don't care about focus/time/ads, because it is their (mental/spiritual) bread and butter. When a young woman 'follows' 100 'influencers' and each posts twice per day, that young woman consumes at least two hundred ads per day and if she buys at least one item per day, that's a win for 'them'.
Regarding the car/pet scenario, if they are any good they should be advertising stuff to clean dog piss, brushes, etc.. items that "will keep your car clean when you got a pet".
They are so dumb too. It rarely actually presents ads for things I might be interested in as I search but once I buy something they will follow me for a week. Buying an item seems to be a much stronger signal to them, it makes very little sense how this currently works.
Seeing ads appropriate to a site however makes me a bit wary of the site itself, it needs enough difference to the context to not harm the sites reputation.
> it's indisputable that it's good for businesses and the broad economy.
I dispute this. Therefore it is not indisputable.
I support my dispute thusly: imagine a world where there were no ads. All the money spent on ads would be spent on other things. Those other things would, I assert, be better for everyone involved than ads. The world would be a better place.
I support my assertion that anything else would be better than ads by pointing out that for businesses advertising is an arms race, all your competition and you are in an auction for customer attention in which the winner is one of the duopoly that control all internet advertising. And for users I just point to waves hands at everything we hate about the modern internet all that. QED.
According to Meta, their personalized advertising alone generates over $0.5 trillion of economic activity per year.
Why should I care that they make a boatload of money while making the life of everyone else crappier? Advertising turns everything into shit.
Crapware pre-installed onto your brand-new phone or laptop [1]? Advertising.
Pervasive tracking added to Windows? Generating profiles for advertising. Smart TVs sending regular screengrabs to Samba TV? Analytics for advertising. Like your $2000 smart fridge? It's going to be much worse because Samsung is piloting advertising. Every tech product is getting infected by this disease, both shoving unwanted ads into your face and tracking your pervasively.
Of course, someone is going to argue that we cannot have 'free' products without advertising. In the end the consumer is paying for advertising as part of (increased) product prices.
I think what many of us question is whether nor not those same $0.5 trillion would be generated by contextual ads. There's no doubt that ads work, but we really don't know to what extend.
E.g. if I'm on a pages looking at watches, should I get ads for watches, or would it be better to show ads for the washing machine I was looking up last night? Google, the search engine, clearly thinks it's better to show ads relevant to my search term, but they are also in a special position that's not applicable to a news website.
People working in the field has also previously commented, here on HN, that the ad networks are basically hustling the advertisers, selling them ad space / users that they know will perform badly, to move more "inventory". That generates economical activity, but does that benefit anyone beyond the ad networks?
According to Jack the rock slinging glazier, the broken windows he creates generates massive returns to the economy when people pay him to fix the windows.
JFC… I’m begging for you to please think about things like this in ways that aren’t strictly about “the economy”. It’s so so so clearly a net loss for society it’s not even close. You have to literally ignore everything else other than this idea of “shareholder value” to come to such a ridiculous position.
You mean the same Meta and their ads and data collection that have been directly and indisputably linked to literal, actual Genocides? And teen suicides? And Cambridge Analytica?
Oh, but they shuffled some money around the economy (mostly into their coffers), so it was all worth it in the end, because as we all know the magic economy is the only thing that matters.
I believe the main purpose of tracking based advertising is to know your gender, politics and social class to show you the right kind of car and pet supply.
This discrimination is quite important and before internet people would self discriminate on those basis and buy different magasines, see different movies, walk different streets and advertisers could target their demographics based on that.
Now everybody goes to the same social networks so the tracking is used to provide this discrimination
A good example is gym membership. There's 20eur/month and 300eur/month ones. The 300eur/month ones really don't want to advertise to everybody, they have a really specific demographic target in mind.
lol at IAB's choice of headline: "Belgian Market Court Confirms Limited Role of IAB Europe In The TCF"
IAB was on the hook for the dreadful cookie "consent" popups that ruined the web (no, it wasn't GDPR that ruined it, it was a very deliberate action by "industry groups" like IAB).
The only reason the Market Court annulled the previous decision was on procedural grounds, while agreeing that IAB is responsible, and keeping the 250 000 EUR fine in place.
Too bad. I wish Market Court would've burned IAB to the ground, salted the earth and scattered the ashes.
Does anyone know what the consequences are? I have no idea exactly what it is that applies immediately.
I would guess that starting today Google and others should stop advertising as they currently do it, it being illegal. I doubt it's that simple, and even if it was, I am sure they will not simply stop. So what happens now?
Tracking has no legal basis, but it's still permitted with consent. The problem with IAB Europe (and other similar ad providers, as well as IAB's customers) is that IAB Europe didn't obtain consent; it tried to hide its tracking by using supposedly non-personal identifiers, which wouldn't necessitate consent, but the court ruled that these identifiers were actually PII. IAB also tried to weasel its way out of its responsibilities, but preventing that seems to have failed.
As a result, data collected through IAB about European customers was collected unlawfully, and third parties must delete that data. IAB also can't smuggle consent like this anymore, and needs to pay a fine that was handed down a few years ago.
I very much doubt ad companies will actually delete the illegally obtained data, but IAB and other companies in the cyberstalking industry this can be a problem, because they need to actually comply with the law.
Totally agree. The current ad model feels extractive on all sides. Context-based targeting feels like a more honest middle ground that doesn’t require spying on users.
The "problem" is that oh so many sites have no context. They exist solely to host ads, the content on their pages provide no actual value and is rehashed press-release, direct copies of reporting from Reuters, 10 ten lists written by interns or AI junk.
If this works it will be good for everyone, the many issue with today's internet is the perverse incentives to get views or "engagement" so you can sell ad space. The ads are the goal, not the message.
I’m sure some grifters won’t get their second Mercedes, but sites with no context and just ads disappearing would be a wonderful, almost dream-like outcome for the internet. It might even solve the dead internet problem to a degree.
There’s no way the advertising industry giants will let it happen. But the thought alone clearly illustrates the damaging effects of advertising.
See also the decline of media where they learned very early on that rage generates by far the most clicks and hollowed out their entire fucking industry to sell more ads.
Honestly a number of really really significant societal problems have their roots in surveillance capitalism
> Dr Johnny Ryan said "Today's court's decision shows that the consent system used by Google, Amazon, X, Microsoft, deceives hundreds of millions of Europeans. The tech industry has sought to hide its vast data breach behind sham consent popups. Tech companies turned the GDPR into a daily nuisance rather than a shield for people."
I feel this so often gets lost in the conversation where a huge amount of people in communities like this one will loudly point out how annoying consent banners are but never give any thought as to why so many websites feel that just because you want to read a single article on their website that they are now entitled to sell your information often to hundreds and even thousands of different data brokers and that this is now so normalised that it’s almost every bit of content I consume now.
The original purpose of the GDPR was clearly to try and put an end to this kind of thing while still leaving cutouts for legitimate purposes with informed consent.
I’m so glad to see them come at this from a new angle entirely now to just firmly say that this surveillance capitalism bullshit is illegal and you can’t cookie banner your way out of it as some kind of legal protection.
Good, that makes me extremely happy as an EU resident and I wholeheartedly support whatever steps you need to take in order to enforce this. There’s no reason at this point to continue playing nice with US spyware companies masquerading as “data brokers”, let them deal with the mess they made but we don’t need it here.
> The original purpose of the GDPR was clearly to try and put an end to this kind of thing while still leaving cutouts for legitimate purposes with informed consent.
Don't forget the "legitimate interest", where somehow 635 ad companies absolutely must have my data to visit a single website...
Corporations should pay $0.01 per data point stored, per day, to that citizens country.
For once, a corporations actions will then disproportionately affect the rich, since they will be the only ones worth holding data points on. Those best able to financially and legally enforce the rule.
As I always say, you can’t outlaw being an asshole. But I am curious about what sort of assholery we will see next. Maybe all tracking will become “legitimate interest” (I’m kidding, please don’t actually entrench that garbage any more than it already is).
The actual options are: either you pay with your data or with your wallet. Which makes sense since, you know, journalists like to eat and eating costs money.
Readit News
To intercept the usual argument of "But my business can't exist without all this data!", to that I say "Good!". If your business can't exist without tracking every single iota of your customer's existence, then it truly shouldn't. I couldn't tell you the amount of times I've had to fight back against implementing yet another tracking tool at work, just to collect data that I know for a fact no one will look at after the first few weeks of the tool being there. The amount of times I've heard some stupid shit like "Well we don't need this data yet, but what if we need to have their mother's maiden name at some point in the future?!" is depressing, and I'm glad that we're starting to have legal channels to push back against such idiocy.
Keep it running for a few days, then check on but the tracking doesn't output meaningful data that you can exploit to solve your issue.
At this point, you search for alternative tracking but do you disable the old one ? What's the benefit ? Either it's free or cost very little, none of your customer know they are being tracked and in the eventuality it may become useful later on you keep it.
Repeat a few times and you end up with bloated website that tracks where you were, are and will be. What you're watching, cursor position, scrolling, how long you spent watching that image or these one, have access to every technical details about your device because it's required for fingerprinting, all while no one actually is exploiting the data.
It's junk yet you collect it because it's free.
If there was a meaningful reason to limit the number of tracking, like the law and fear of getting sued, then it would be a different story.
Whatever it costs it reduces your profit margin so why would you keep it live?
100%. Unless a cooperative model (like most businesses should be run, bit that's a different issue) exists in which I am compensated for you having my data. At that point all the time and friction I have to spend/deal with because all of you have my data is worth it. Right now all this friction in my life because you have my data and I'm dealing with your beaches is "paid" for by me, and that's lame.
It's pretty much the idea of GDPR. The wording of the GPDR is "You should make your systems private by design", which they explain as "Store PII only you really have no choice"
In this case, the legal ruling means that even if they somehow fix their consent, they have to remove all the data they currently have! Also all their clients need to remove all the data. Having to tell your customers they have to remove all their data ought to completely kill their business.
That being said, it will likely not happen: It's not the first time they lose a ruling and I'm pretty sure no-one removed any data, despite being required to...
GPDR says that all governments are the ones judging whether the GDPR is violated (meaning not the courts), for example the https://ico.org.uk/ and they even formalized an exception process. You cannot sue a company for GPDR violation, you can report it to a government department that may or may not decide to action your report, that's it. GDPR only allows for the government to intervene directly in the private sector.
Needless to say, all governments have used the exception process to carve out blanket wide-ranging exceptions for themselves, for state owned or partially state owned enterprises (police, government departments, police, justice, banks, insurance, hospitals, doctors, incumbent telco's, ... exactly the people where GDPR protection would be critically important) that seem to grow in scope over time. For example the tax offices in the EU now have exceptions that allows them to mandate companies store PII as part of their regulations (meaning without an actual law).
And, in any case, if anyone violates your rights, there's nothing you can do with the GDPR. Try to get a hospital to empty your patient record and tell me how it goes (I wanted to do that after the hospital charged the insurance for an -embarassing- assessment they didn't actually do (it allowed them to charge a lot because it involves staying a few days at the hospital, I was in there about 2 hours). So I wanted it cleared of my medical record, which is one of the core things the GDPR allows for, it's given as an example in the law! Nope. Not allowed, and the government doesn't pick up the report)
I'm curious, how does such a conversation usually go? Is your main angle to point out how useless the data ultimately will be, or did you find a resonating way to point out the negative effects on users?
I also tend to highlight that we do have historical data that nobody is looking at as-is, what's different about this new data? What are the actual long-term plans for the data? Can we reuse what we already have for what we're aiming for here?
These days my default is "Oooh we'll have to check in with legal on that one, not sure if it's GDPR-friendly to include this new column like this". No one likes talking to legal unless they absolutely have to, so most will just drop it.
And unfortunately sometimes there's no winning it no matter what, so you have to "disagree and move on" as it were. If it's some manager's pet project, well, you're SOL for the most part.
> or did you find a resonating way to point out the negative effects on users?
Unfortunately I've found this to seldom work unless you're working somewhere where privacy is part of the value prop. Even pointing things out like "How would you feel if the DB were to leak and all your info were to be made public?" elicits 0 response. The marketing people and C-suite that push these kind of boneheaded things forward don't view the users as actual humans, they're all just numbers to them. Will this cause churn? How much? Those are the only questions that matter to them.
You need to be clear about what you collect, get clear consent (and all the courts decisions on that are actually going in the direction that it really needs to be clear and specific) and give people the ability to have their own data modified.
Plus, enforcement makes a lot of sense. Companies get a lot of warning before things escalte and fines are proportional to companies results so it hurts but is not a death sentence unless they repeatedly offend.
Yeah, we once got contacted by our local DPA about some issues. Mailed us a list of issues they had with our site. I set up a call with them for some clarification, and they were happy to go into detail. Then they just said to mail them when it’s done, or they’ll just re-check after some months. They are interested in actually changing things, not in fees.
And then we lobbied in "legitimate interest".
1. Entrenches Google, Facebook, etc. because they are the only people that have enough money to comply with the regulation.
2. Makes the rest of the internet worse (e.g. people show MORE ads because they are less effective because they show me boats and I hate boats)
3. Makes data brokers even more important because companies can't get data anywhere else.
4. Reduces competition because the incumbents will always have more data than startups (Nike knows I wear a size X and the startup can't ever get that data)
Everything is a tradeoff. I, for one, would rather these regulatory agencies go after the 100,000s of data brokers that mine for SSNs, birth certificates, financial info, etc., rather than them going after Facebook, TikTok, etc.
Ads are here to stay, if you don't want ads, then ban ads, and with it most of the internet, but if people keep making terrible regulations like this that try to hurt big companies and get rid of ads and in reality, you just enable and feed these massive companies. Regulation makes them MORE valuable, not less. (see Meta stock price vs. Snap after ATT)
Back in the olden days, if you read a boat magazine, you’ll see ads for boat stuff. This was always fun for me — if I’m ready a motorcycle racing magazine, I’ll see ads for cool things that I had no idea existed and that would be useful to me. With “targeted” ads, it becomes an echo chamber — I see ads that are “tailored” for my alleged current interests, but nothing that helped me discover new things that I could become interested in.
What’s wrong with context-based ads? If I’m reading about Thailand travel, then the publisher should sell ads related to SE Asia travel.
Why am “I” being customized to rather than ads being relevant to the content?
If you want to reach boat enthusiasts, then advertise on content related to boats (or perhaps water sports, etc.) You then don’t need to track “me,” but instead you can track “boat content. That takes the personal data out of it. This keeps me from being followed around the web trying to sell me a vacuum cleaner I already bought.
I have very little sympathy for the idea of NOT storing user data is some sort of onerous regulatory burden.
Just stop collecting it
TFA made it clear that they _aren't_ complying.
The article we're commenting on makes it clear the big guys aren't complying. Also, I reject the notion that you have to spend inordinate amounts of resources to comply, in fact it is the opposite. You don't spend money on data you don't store, after all.
Co. I used to work for is microscopic in comparison to FAANG, and we didn't have a single cookie banner or anything of the sort and have absolutely no problem complying with GDPR because we track nothing and collect nothing more than what is strictly necessary, mostly because of individuals like myself who push hard against any data collection that doesn't have a well thought out reason. Hell, even Github with their massive scale has no problem with not having cookie banners or anything else of the like. This is a problem of will, not resources.
> 2. Makes the rest of the internet worse (e.g. people show MORE ads because they are less effective because they show me boats and I hate boats)
Perhaps, but we're already drowning in them as-is. The internet is unusable without uBlock and DNS-level adblocking.
> 3. Makes data brokers even more important because companies can't get data anywhere else.
If we make data radioactive, then data brokers wouldn't be able to exist. What we need is stringent and broad laws that limit data gathering, period, regardless of the source. Whether you collect it yourself or pay someone else to collect it for you is completely irrelevant, both should be made equally painful. I'd also have no qualms with making sharing any data that you do collect even more of a pain in the ass and a nightmare for everyone involved, this whole gray market has net negative benefits to everyone.
> 4. Reduces competition because the incumbents will always have more data than startups (Nike knows I wear a size X and the startup can't ever get that data)
Why would Nike have this data in the system we're talking about (data radioactivity)? How is this data even useful to anyone, other than for tracking purposes to make a unique profile out of you? Companies shouldn't have this data unless it's a podiatric clinic or something like that, whether it be Nike or this imaginary Shoe startup that needs feet sizes for whatever reason.
I guess I could see there being genuine usefulness for people who have feet sizes that aren't the norm to find footwear that fits them, but there's no reason they have to have their entire essence tracked by every company on the internet for that.
That's an idealistic, but highly unrealistic, thought.
As long as a market exists that can profit from exploiting PII, and is so large that it can support other industries, data will never be radioactive. The only way to make it so is with regulation, either to force companies to adopt fair business models, or by _heavily_ regulating the source of the problem—the advertising industry. Since the advertising industry has its tentacles deeply embedded everywhere, regulating it is much more difficult than regulating companies that depend on it.
So this is a good step by the EU, and even though it's still too conservative IMO, I'm glad that there are governments that still want to protect their citizens from the insane overreach by Big Tech.
The EU bureaucracy machine can be slow moving, but has the potential to fix this. The stricter the rules, the simpler the implementation. You could cut a LOT of the administrative burden by specifying what data is allowed to be stored at all, instead of what isn't.
Big tech needs to be put in their place, and as others have commented; if this kills your business model, your business model doesn't deserve to exist.
Europe gives me less control of my personal data than the US would. I am no longer allowed to decide that I'd rather choose services that take payment in data instead of services that take payment in Euros.
I think people who disagree with this perspective should be accommodated. It's a valid objection and technology inherently favors monopolies, so you can't really have the Facebook equivalent of a vegan restaurant or gay club. I'm not against forcing (large) tech companies to offer tracking-free plans at reasonable prices for those for whom this is the right tradeoff.
What Europe is doing is just plain stupid, though, and it will be felt most by those who can least afford it.
Google, Microsoft and Apple don't really give you a choice, you will pay in Euros for your phone/PC, and then you will pay in your data as you use it whether you like it or not.
A prime example is sharing information about DNA since that has a social impact on relatives. Less obvious problem would be people in a position of social position, like say a judge or jury, since access to personal information in that situation provide unfair position of power in society. It also is a problem with voting, since access to voters personal information has a high risk of influence elections.
To take a more direct example, if you are paying your email provider with data, then you are also selling the information of anyone who send their emails to you. The sender is in an impossible position in that they can't know who the email provider is of a recipient (email forwarding is a thing), so the social cost is on the recipient if they sell the information.
This sort of business model is problematic precisely because the poorest can't afford to refuse - that's a feature not a bug. Privacy is deemed a human right, and human rights shouldn't be for sale.
You could make the same argument supporting the legal sale of human organs, but as a society we've decided that kind of "payment" strips the poorest of their dignity and human rights.
The business model is inherently predatory for other reasons too. People see what they get right now - "free" access to the website they're on, but they're completely oblivious to the real costs because they're abstract, too many steps removed from each individual's actions, but they're very real and damaging in aggregate.
Cute theory. Fails in practice. Especially with LLMs on the horizon, this would be tantamount to unilateral nuclear disarmament. (Practically, it fails in that we haven't quantified the cost of breaches commensurate with what those of us who are security minded estimate it to be.)
I have advocated for privacy issues for a short while. "Data is radioactive" is the "defund the police" of our movement.
On a side note, I also don't understand your comparison to "defund the police" - were there any places that fully applied it and demonstrated that it "fails in practice".
We should also be hoping for unilateral nuclear disarmament (I get your point on the infeasability though), but I don't see the parallels here. LLMs don't need personal data to work (I'd even imagine such data to be better off left out of the training data anyways, caveat for celebrities), and regardless of everything else whether the AI hypesters are to be believed about how world-changing AI/LLMs will be remains to be seen.
Also, as the OP article suggests, we can and are doing something about it. Things aren't perfect yet, but GDPR itself has already made huge waves and have made things better. From how I interpret this ruling, the dark pattern cookie banners are being scrutinized and are being put under the knife, so there's some hope that things will soon improve on that front.
> I have advocated for privacy issues for a short while. "Data is radioactive" is the "defund the police" of our movement.
Except we can already see a shift in the masses and their opinions here. People are becoming cognizant of the sheer amount of data all these tech companies harvest on them. I am consistently getting more and more of my non-technical-in-any-capacity friends asking me how to safeguard their data better, so I'm quite hopeful we're going to get there. All we need is to actually fucking hurt the FAANGs and their ilk. Cut the head off the snake and all that, if we actually hurt Meta as we should've a million times by now, then all the smaller players will automatically fall in line for fear of a similar world of hurt.
>we haven't quantified the cost of breaches commensurate with what those of us who are security minded estimate it to be
We don't estimate GDPR violations as the true materialized damages either, we put a heavy % of yearly income per offense, large enough to deter it.
It isn't good for consumers whose privacy is being violated as they are being annoyed with unwanted, irrelevant ads and they get charged higher prices due to the cost of the advertising.
It isn't good for companies buying the ads by participating in sham "auctions" with no real insight into or control over the process. They are literally begging to be ripped off.
It doesn't have to be this way. "Context sensitive" advertising is more privacy respecting, easier to implement and monitor and can be more cost effective.
Example: The fact that I recently shopped for and bought a car is no reason to show me auto ads on a web site devoted to pet supplies. There is a logical disconnect here because context is ignored in favor of "personalization".
Those paying for these dumb "personalized" ads are wasting their money and my time and bandwidth because I already made a purchase. I'm not making another one any time soon.
By the way, this doesn't really happen to me any more because I now block these "personalized" ad networks. And you should too --- it's the only logical recourse to this stupidity.
This is what launched Google's money printing machine: Showing ads matching the current intent (current search) thus solving a current problem.
At least out-of-context ads can be more easily ignored.
You seem to think that companies have a choice. I've been advertising for years, Google has been rolling out the standard ads in favor of automated "personalized" one for a long time.
They kept removing features again and again.
In more of removing features and making basic ads impossible to use, they have a team of people that will keep calling you and to offer you 'guidance' on how to run your ads. These guidance almost always revolved around enabling the automatic advertising algorithms and disabling your old school ads.
I consider myself quite smart with internet things but even me, at some point, got baited into switching to these automated ads because at the end you run a business that is completely different from marketing and it's not your core business. You're not expert into marketing and especially not into Google ads so it's easy for these experts to trick you.
I have seen my money syphoned by these automatic techniques with quite bad roi.
And all these self made people or very small companies (which represent the vast majority of the business), they are just as easy target for Google than I was.
Big companies can afford ads consultant that will run the advertising campaigns and optimize everything, but small ones are stuck doing things themselves on a system that is purposely made to hand over your money and let the computer do it's 'magic' with targeted advertising.
And if you're not happy with Google, what you gonna do ? It's not like there is competition. Everyone use Google, Google is a monopoly.
I tried switching to bing ads, Facebook ads, but its just not possible. No one use bing. Facebook leads were never as profitable as Google one, at least in the market I advertised.
I was hosting websites in 1998 when Google was still in Larry Page's garage. We sold ads the same way magazines and newspapers always have: we had a sales staff and they did their job well. There's no reason we can't go back to that.
I was recently searching for a toy across Etsy, Ali Express, eBay. I didn't buy it. A day later, I saw 'suggested' purchases on Amazon for the same toy. I boycott Amazon, so I don't often visit their website.
I normally block (successfully?) almost all of this advertising, so I find it particularly creepy when I receive it.
If you get another ad for a product you already bought the advertiser already paid for placement, a click through is just a bonus on top of that. Even more when information is so secretly guarded that any analysis of the impact of an ad is extremely flawed, it hasn't solved the old adage from John Wanamaker:
> Half the money I spend on advertising is wasted; the trouble is I don't know which half
It's meant to be that way, the ad platforms do not want advertisers to know what is waste and optimise their ads further than what's needed to keep them advertising, they just need to throw some bones here and there, convert a few people through clicks, to make themselves look indispensable.
There's no incentive to improve that, at all.
Easy --- advertisers pay for bad ads the same as good ones --- why bother stopping the bad ones?
Convincing so many advertisers to just blindly trust the system and buy into the concept of black box "personalized" advertising is actually the real marketing coup here.
According to some stats, global use of ad blockers is now over 40%. Once it exceeds 50%, I believe this stupidity will slowly start to die out.
_You_ think it doesn't work, but it does. Or at least 'on average' it does. As for your time, perhaps you value your time. But again, 'on average', there are so many people spending hours and hours on Insta, TT, etc. and those people clearly don't care about focus/time/ads, because it is their (mental/spiritual) bread and butter. When a young woman 'follows' 100 'influencers' and each posts twice per day, that young woman consumes at least two hundred ads per day and if she buys at least one item per day, that's a win for 'them'.
Regarding the car/pet scenario, if they are any good they should be advertising stuff to clean dog piss, brushes, etc.. items that "will keep your car clean when you got a pet".
But again.. it works. People make money.
Seeing ads appropriate to a site however makes me a bit wary of the site itself, it needs enough difference to the context to not harm the sites reputation.
Like say, advertising a car to you after you recently purchased one?
According to Meta, their personalized advertising alone generates over $0.5 trillion of economic activity per year.
As much as the Hacker News crowd hates on ads, it's indisputable that it's good for businesses and the broad economy.
https://research.facebook.com/economiccontribution/
I dispute this. Therefore it is not indisputable.
I support my dispute thusly: imagine a world where there were no ads. All the money spent on ads would be spent on other things. Those other things would, I assert, be better for everyone involved than ads. The world would be a better place.
I support my assertion that anything else would be better than ads by pointing out that for businesses advertising is an arms race, all your competition and you are in an auction for customer attention in which the winner is one of the duopoly that control all internet advertising. And for users I just point to waves hands at everything we hate about the modern internet all that. QED.
Why should I care that they make a boatload of money while making the life of everyone else crappier? Advertising turns everything into shit.
Crapware pre-installed onto your brand-new phone or laptop [1]? Advertising. Pervasive tracking added to Windows? Generating profiles for advertising. Smart TVs sending regular screengrabs to Samba TV? Analytics for advertising. Like your $2000 smart fridge? It's going to be much worse because Samsung is piloting advertising. Every tech product is getting infected by this disease, both shoving unwanted ads into your face and tracking your pervasively.
Of course, someone is going to argue that we cannot have 'free' products without advertising. In the end the consumer is paying for advertising as part of (increased) product prices.
E.g. if I'm on a pages looking at watches, should I get ads for watches, or would it be better to show ads for the washing machine I was looking up last night? Google, the search engine, clearly thinks it's better to show ads relevant to my search term, but they are also in a special position that's not applicable to a news website.
People working in the field has also previously commented, here on HN, that the ad networks are basically hustling the advertisers, selling them ad space / users that they know will perform badly, to move more "inventory". That generates economical activity, but does that benefit anyone beyond the ad networks?
By your logic, that makes it a good business. I dispute that.
Oh, but they shuffled some money around the economy (mostly into their coffers), so it was all worth it in the end, because as we all know the magic economy is the only thing that matters.
This discrimination is quite important and before internet people would self discriminate on those basis and buy different magasines, see different movies, walk different streets and advertisers could target their demographics based on that.
Now everybody goes to the same social networks so the tracking is used to provide this discrimination
A good example is gym membership. There's 20eur/month and 300eur/month ones. The 300eur/month ones really don't want to advertise to everybody, they have a really specific demographic target in mind.
Press release from Belgian Data Protection Authority:
https://www.dataprotectionauthority.be/citizen/the-market-co...
IAB response post:
https://iabeurope.eu/belgian-market-court-confirms-limited-r...
IAB was on the hook for the dreadful cookie "consent" popups that ruined the web (no, it wasn't GDPR that ruined it, it was a very deliberate action by "industry groups" like IAB).
The only reason the Market Court annulled the previous decision was on procedural grounds, while agreeing that IAB is responsible, and keeping the 250 000 EUR fine in place.
Too bad. I wish Market Court would've burned IAB to the ground, salted the earth and scattered the ashes.
Does anyone know what the consequences are? I have no idea exactly what it is that applies immediately.
I would guess that starting today Google and others should stop advertising as they currently do it, it being illegal. I doubt it's that simple, and even if it was, I am sure they will not simply stop. So what happens now?
As a result, data collected through IAB about European customers was collected unlawfully, and third parties must delete that data. IAB also can't smuggle consent like this anymore, and needs to pay a fine that was handed down a few years ago.
The legal publication can be found here (translated into various languages, though I believe the original may have been Dutch or French as it was the Belgian DPA that started the suit): https://curia.europa.eu/juris/documents.jsf?num=C-604/22 and here https://www.dataprotectionauthority.be/the-market-court-rule...
I very much doubt ad companies will actually delete the illegally obtained data, but IAB and other companies in the cyberstalking industry this can be a problem, because they need to actually comply with the law.
U guess they'll either try to fight it in court somehow or find a loophole to abuse. Or yknow... just ignore the ruling as long as possible.
What more would be needed? Does the GDPR need to be amended?
If this works it will be good for everyone, the many issue with today's internet is the perverse incentives to get views or "engagement" so you can sell ad space. The ads are the goal, not the message.
There’s no way the advertising industry giants will let it happen. But the thought alone clearly illustrates the damaging effects of advertising.
Honestly a number of really really significant societal problems have their roots in surveillance capitalism
> Dr Johnny Ryan said "Today's court's decision shows that the consent system used by Google, Amazon, X, Microsoft, deceives hundreds of millions of Europeans. The tech industry has sought to hide its vast data breach behind sham consent popups. Tech companies turned the GDPR into a daily nuisance rather than a shield for people."
I feel this so often gets lost in the conversation where a huge amount of people in communities like this one will loudly point out how annoying consent banners are but never give any thought as to why so many websites feel that just because you want to read a single article on their website that they are now entitled to sell your information often to hundreds and even thousands of different data brokers and that this is now so normalised that it’s almost every bit of content I consume now.
The original purpose of the GDPR was clearly to try and put an end to this kind of thing while still leaving cutouts for legitimate purposes with informed consent.
I’m so glad to see them come at this from a new angle entirely now to just firmly say that this surveillance capitalism bullshit is illegal and you can’t cookie banner your way out of it as some kind of legal protection.
Good, that makes me extremely happy as an EU resident and I wholeheartedly support whatever steps you need to take in order to enforce this. There’s no reason at this point to continue playing nice with US spyware companies masquerading as “data brokers”, let them deal with the mess they made but we don’t need it here.
Don't forget the "legitimate interest", where somehow 635 ad companies absolutely must have my data to visit a single website...
For once, a corporations actions will then disproportionately affect the rich, since they will be the only ones worth holding data points on. Those best able to financially and legally enforce the rule.
A clean win win.