Feeds

back to article A pre-ticked box in web forms should NOT mean consent - EU report

Businesses will not be able to use pre-ticked boxes to gain user consent for the processing of their data under changes proposed by the European Parliament to new EU data protection laws. In a new report, Jan-Philipp Albrecht, a rapporteur for the European Parliament's Civil Liberties, Justice and Home Affairs Committee on the …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge
Thumb Up

All seems very sensible

Hurray for the EU!

Oh my, did I just write that?

29
0
Silver badge
Stop

Re: All seems very sensible

Given that privacy legislation is a sole EU competence (partially under the lisbon treaty and partially under european human rights legisation that became our human rights act), and given it doesn't allow any subsidiarity in this particular area, it's not so much "hooray for the EU" as "we could have done this years ago if they weren't sitting on it".

Ever wondered why UK privacy reform is so mealy-mouthed and bitty? They're having to work around the fringes of the problem because the EU doesn't allow national parliaments to act on this issue any more, so instead they legislate in areas where they can at least appear to be doing something. That's why were getting loas of bullshit laws criminalising everything and levying fines on everything else.

5
7
Gav
Boffin

Re: All seems very sensible

"We" are "they". The UK is part of the EU. The UK has just as much a hand in its legislation as any other member (Euro excepted). So the idea that the EU has been holding the UK back on striding forward to solve this problem is mistaken. In fact, given the current political make up of both governing bodies, it's a bit of a joke to suggest the UK would have done this ages ago if it hadn't been for the EU.

10
2
Silver badge

Re: All seems very sensible

Ever wondered why UK privacy reform is so mealy-mouthed and bitty? They're having to work around the fringes of the problem because the EU doesn't allow national parliaments to act on this issue any more,

Given their complete failure to act in cases of ISP wiretapping, etc, and their continued attempts to track as much citizen data as possible, do you honestly think the UK gov would give two hoots for your data privacy on its own?

15
0
Bronze badge

Re: All seems very sensible @Graham Dawson Silver

I don't think you can be right as I'm currently working in another EU country and here boxes must be unticked.

I also have to agree with the other commentator who pointed out that the UK is part of the EU and involved in making decisions. It was interesting that Cameron recently threatened the veto, thus showing that the UK could have done that all along but chose not too. Basic policy for Labour and Tories is, unpopular policy, blame the EU.

7
1
Bronze badge

@Gav - Re: All seems very sensible

Gav wrote :- " The UK is part of the EU. The UK has just as much a hand in its legislation as any other member (Euro excepted)."

It may be as much but it is not 100% as it would be if the UK controlled our own laws. Same goes for any other of those countries, who's citizens from time to time probably feel as frustrated as UK do - but probably about different matters because Italians, French, Romanians, whoever, clearly have a different midset on many matters from the British, and no doubt from each other too.

And different climate. For me, as the owner of about 400m of wooden fencing, the last straw was the EU banning creosote. That might be all very well in dry countries like Greece and Spain, and for Germany where most people live in apartments, but not in the damp mists of the Welsh hills where I live.

Whether the UK itself would be any better than the EU in its laws is a different matter, but there is no doubt that creosote would not have been banned here - just an example.

And don't start about my using meters above rather than yards to claim I should love the EU. I like French wine and Italian food too as it happens. But you don't need to be in the EU to buy French wine, any more than you need to be in the Malaysian Federation to buy rubber tyres

2
1
Silver badge

Re: All seems very sensible

ITYM they're trying as hard as possible to keep UK optin-in laws like the USA's ones and repeatedly being smacked down by the EU because of it.

Writing clearly worded stuff is easy. Mealy mouthed stuff is only needed when you need something to do the opposite of what it appears to do.

3
0

Re: @Gav - All seems very sensible

"For me, as the owner of about 400m of wooden fencing, the last straw was the EU banning creosote. "

The EU did not ban creosote - they regulated its use (restricted to professional users under certain circumstances). No massive hardship either way - creosote is fucking horrible stuff and a pain to apply properly to wood in a domestic setting and there are endless replacements for it of varying efficacy and ease of use (most considerably easier and more pleasant to use than creosote in a domestic setting, such as yours sounds).

Sensible choices of wood types for particular uses also helps - e.g. woods such as Azobe or Jarrah for posts, buried structures and submerged (or partly) sub-merged location. Properly pre-treated timber, whilst not protected forever, should help keep maintenance to a sensible level as well.

The carcinogenic issues of creosote are far from proven in humans, although a 'probable' or 'possible' rating is not completely without merit - but even so, given the amount of viable alternatives that are drastically less toxic overall and far more pleasant to use, i'm not convinced it's that bad that its use is restricted to a group of people who supposedly should know how, where and when to use it.

4
1

Re: @Gav - All seems very sensible

I can confirm that termites don't like jarrah, but will eat it if there's nothing better. However, they won't touch creosote soaked jarrah in a hundred years. They'd rather eat concrete

0
0
Silver badge
Megaphone

Soon on a form/website near you...

[ ] I consent to not having my information passed onto third parties.

3
0

[ ] Don't tick this box...

...if you don't not want to not have your data not exploited.

3
0
Silver badge

[ ] Don't tick this box...

if you want us to tick it on your behalf.

2
0
Silver badge

Re: [ ] Don't tick this box...

Please be advised that by ticking this box we will own your Soul, for all of eternity and beyond.

Sincerely yours E Schmidt.

2
2
Anonymous Coward

Re: [ ] Don't tick this box...

I've seen a very similar worded option recently, not sure where (might have been British gas) along the lines of: Please check this box if do not want us to not pass your information to "selected" 3rd parties

(Selected being ANYONE who will give us a couple of pence)

3
0
Silver badge
Devil

Re: [ ] Don't tick this box...

And the other little trick that seems to be popping up too on a single form/page:

[ ] tick here if you don't want us to send you spam.

[ ] tick here if you consent to us selling your soul to third parties who will then send you spam.

Set up of course so that people see the first one and tick it, but then follow instinct and also tick the second without pausing to fully read it and so actually opt into the second one.

That kind of trick is also the spawn of Satan.

2
0
Silver badge
Devil

Re: [ ] Don't tick this box...

[ ] If you do not tick this box we may not be able to send you vitally important information and little kittens may die horribly...

1
0
Silver badge

How much do you want to bet this gets spun as preventing innovation and more red tape that prevents companies growing and hiring more workers.

12
0
Anonymous Coward

I like the argument that says allowing businesses to fire workers easier would lead to more workers being hired.

7
0
Silver badge

And, presumably, the better workers at that.

1
0
Silver badge

@AC

There's two points here.

One is that it allows companies to hire more people in order to be able to select the ones worth keeping after three or six months, and the other is that companies are petrified by the redundancy conditions such that they do not take people on until absolutely necessary, for fear that having to make them redundant at a later date if there is a downturn in their business is so costly. This is also the reason why so many companies prefer to use agency staff until they know an increase is really justified, to avoid the redundancy packages.

In both cases, if it was easier to get rid of workers more easily, companies might be prepared to employ more people.

I personally would prefer to work for a company knowing that they could shed staff more easily if it stops the business going bust and everyone being made redundant, even it it did lessen my job security. There are some safeguards needed, but giving a company in difficulty the choice of going bankrupt because they keep too many employees on and have to keep paying them, or going bankrupt because the redundancy packages they have to offer can't be afforded, is no real choice at all. They both drag the company down.

3
1

This post has been deleted by its author

Silver badge

Or just cheaper ones.

1
0
LDS
Silver badge

Re: @AC

Sure, but to allow fully for that you should also get rid of "limited responsibility" types of company. If you make the owners (and shareholders) fully responsible and liable with all their properties of the company debts then workers could accept to be fired more easily. Otherwise you're going to fully protect one side while letting the other one fully exposed. A bad managed company that goes bankrupt and with lots of debts usually causes big damages to other ones when debts are not paid - often causing even more unemployment while bad owners and management often moved money away.

"Creative destruction" has to work in all directions, not only in the one to make labour cheaper by blackmailing workers. And it's funny that this type of full capitalism was made real only in communist China... people should start to think why....

2
0
Bronze badge
Thumb Down

@Peter Gathercole - Re: @AC

Peter Gathercole wrote

".. companies ... do not take people on until absolutely necessary, for fear that having to make them redundant at a later date if there is a downturn in their business is so costly. many companies prefer to use agency staff until they know an increase is really justified, to avoid the redundancy packages. ...... if it was easier to get rid of workers more easily, companies might be prepared to employ more people."

Doesn't work like that where I work. We have about 50% agency staff. About a year ago work was very slack, and I asked my boss why the agency people were all still sitting at their desks doing nothing. "But if we get rid of them" he said " it might be hard to get them back again when work picks up!"

2
0
Silver badge

@LDS

It's not quite that straight forward.

Shareholders are already on the hook, as they are unlikely to get the money they invested back. They are just as much creditors as the workers who are owed pay.

In the case of a company that is negligently driven into large debts, especially if money is owed to HMRC (in the UK), then the directors can be sued for corporate negligence, which can result in them being banned from becoming a director for a period of time, personally heavily fined, and in some cases, sent to prison, especially if fraud can be proved.

Limited Liability companies do not offer complete protection, but I admit that there are ways of extracting value from such a company and walking away without the debts.

1
0
Bronze badge

Re: @Peter Gathercole - @AC

Hang on to that boss.

Even if he starts making comments about "full time monkey breeding rates" the occasional truth is a precious thing from the Managerial Class.

0
0
Devil

I hate the forced assumption of unilaterial agreement to exploitation.

Nothing a nastily worded email does not fix, to every arsehole in the management and company....

But I'd rather trade with companies that don't do this stupid, "stand on your toes" bullshit.

Satan - because she knows where to shove it.

0
0
Silver badge

Cookies?

Will this also prevent the bypassing of the new cookie legislation, where every website now seems to popup a box that says, essentially, "We use cookies, tick here to agree. If you keep using the website we'll assume you have agreed anyway." with no possibility of saying "No"?

Of course, there are cookie-blocking add-ons for browsers like Firefox, but that's not the point.

4
1
Gav
Boffin

Re: Cookies?

There is a way of saying "No". It is by not using the website.

3
4

Re: Cookies?

The main reason there was a lot of back-pedalling over the cookies issue is simply that many sites people want to use simply cannot function without them. After the cookie regulations were passed, it soon became obvious that the the rules were practically unworkable.

Cookies are not primarily used to send information about your browsing habits to third parties, but to allow the site you're using to provide the interactiveness you expect. They are not really necessary for simply browsing a news site or reading a forum, but as soon as you want to manage e.g. a shopping cart, a favourites list or even just individual user preferences then they are needed. Some things can be got around using data passed with page requests, but that's a very limited approach.

1
2
Anonymous Coward

Re: Cookies?

There was never a problem with site functionality and the EU cookie legislation. Cookies for things like shopping baskets were absolutely fine - the ICO said so.

What happened was that advertising sales companies (and Google is one of those) screamed blue murder and claimed that the whole things was unbelievably, incredibly complicated and would break the internet, sometimes in ridiculous articles like this one.

http://adage.com/article/digitalnext/online-privacy-eu-cookie-law-death-digital/234950/

If large advertising agencies like the one I work for, plus online display advertisers had wanted to implement the cookie legislation, they could have done so without any real problems at all. It was in their interests to claim it was all impossible and complicated and expensive and badly drafted and the end of the world. And it worked.

5
0

Re: Cookies?

cookies are used to give state to a stateless protocol. Without them you are always a new user reaching the site for the first time ever.

Of course you can avoid using cookies by passing the session variable on the URL, but for the user the consequences, for good and for bad, are the same.

1
1
Silver badge

Re: Cookies?

Which is why I didn't say "cookies" I said "the new cookie legislation".

0
0
Anonymous Coward

Re: Cookies?

"Of course you can avoid using cookies by passing the session variable on the URL"

I worked very hard to make my web site meet the spirit of the new rules.

Cookies are optional - and only used to remember a user's details between totally separate visits to the site. While they are accessing any pages on the site - then any details are only remembered in "global" Javascript variables - not in browser data storage functions. This gives the user the ease of field data re-use when submitting FORMs from different pages.

To allow the long-term cookies the user is given a clearly labelled box to tick on the pages that send the user's details in POST requests. If they tick/untick the box, at any time, then they are asked for confirmation that they want to allow, or delete, cookies.

Of course that site is built and run for the benefit of the users - not its owners.

0
0
Flame

DNT

So... A default value of "I do not consent to tracking" is good, and a default of "I consent to tracking" is bad, in the eyes of the EU.

How is Mr Apache, who's name I can't remember, going to take this?

1
2
Happy

Re: DNT or you are tracking my data to assist me. Hence protect my data.

No App or web site has a legal right to my stuff no matter what they say about implied consent. Hence if I consent to storage of my stuff: content, email, search, locations, social, commerce must be in an encrypted (vault) with the keys to the vault requiring two human signatures. Obviously, assisting me to search and find my stuff and/or the web for stuff related to my stuff requires statistics that are derived from my stuff but can be decoupled from my identity by various means (some of which might become open standards).

Every App that has my permission to touch my stuff should be treated like iCloud, Google Drive or any other contracted cloud service; my data must be protected while at the App and returned to me, or destroyed promptly at my request. None of this 'fine don't befriend my site/app but I'm keeping your snail-mail adresses, email, phone numbers, social and business contacts'.

0
0
Silver badge
Flame

Very sensible. I doubt it'll make much difference though. I'm always careful to check/uncheck the 'Don't send me marketing crap' option but half of them still send it.

0
0
Silver badge

I thought we'd thrashed this out years ago and decided that opt-in by default was not on. Did the lobbyists bury it last time?

0
0

This is more about refining the definition of "opt in".

Currently, we (usually) have "the customer opted in if this box is checked". What is being proposed is more like "the customer opted in if they manually checked this box".

2
0
Silver badge
Thumb Up

They can start with Adobe

The pre-ticked box on the Flash download page that bundles McAfee foistware is very annoying when I'm updating Windows boxes.

11
0
Silver badge
Flame

It's not just Adobe...

They can also start with all those downloads where if you don't un-tick the "Automatic Install" box, the pre-selected (by them) options will aso bundle in some bloody toolbar, switch your homepage, change your default search engine and other assorted BS!

3
0
Happy

Re: They can start with Adobe

The assumption that you have the wherewithal to read the shyster-generated fine print associated with installing software on your PC was never true. Legal precedents about making contracts on computer screen were never valid. Now, with handheld devices that respond to voice and gestures made by people on the move, the laws pertinent to contracting with the handicapped apply. No way, 'give us rights to your stuff now or we let you stay lost' is not duress.

0
0
Megaphone

Re: They can start with Adobe

Re. updating windows boxes: http://ninite.com

Re. TOS fine print: http://tos-dr.info

0
0
Silver badge
Mushroom

Speak of the fucking devil...!!

Zone Alarm has just prompted me that the free version of their firewall I'm running is out of date, so I need to download and install a new version.

Fortunately I (of course) clicked "Custom Install" instead of "Automatic" because I found that the bastard thing would otherwise have tried to make Zone Alarm my home page, installed the Zone Alarm toolbar and make Zone Alarm my default fucking search!

Not only that, but it wanted my e-mail address to register and had pre-ticked the bloody box that says "Inform me about product updates and security news".

No. Fuck off. I don't want any of that shit and I don't think that my downloading free product justifies you trying to foist all that crap onto my computer!

0
0
Anonymous Coward

Can we have a rule that says in *all* cases, a checkbox being ticked means YES and a checkbox not being ticked means NO.

This is to avoid the crafty buggers who invert the consent form to be opt out instead of opt in.

2
0

Absolutely, they should enshrine this in the law. All the messing about with double negatives and inverting the meaning of two adjacent tick boxes is obviously designed to confuse users, there can be no other purpose. Companies who do it should hang their heads in shame.

0
0
Anonymous Coward

So that you have to opt in to opting out, instead of opting out of opting in?

2
0
Go

Good show

Wonderous. It seems the Europeans are thinking these days, more so than I can say for our local Americans. They seem to understand, almost as if they use the internet themselves, that harassment is not the way to go.

I applaud their sensible efforts.

1
0
Silver badge
Thumb Up

Good!

It seems that someone at the EU is *finally* getting a clue!

0
0
Thumb Up

And another thing

"...suggested that dominant market players could not make "unilateral and nonessential" changes to contractual terms if consumers have "no option other than to accept the change or abandon an online resource in which they have invested significant time"

Damn right.

0
0

Page:

This topic is closed for new posts.