back to article Fortune favours the Brave: Privacy browser chap takes gripes over adtech body's website to Irish data watchdog

Adtech industry body IAB Europe is facing down another data protection complaint from Brave browser bod Johnny Ryan, this time over the all-encompassing cookie wall stalking its site. The complaint, filed today in Ryan's home nation of Ireland, seeks to win a long-running argument between privacy activists and the tracking …

  1. alain williams Silver badge

    The next target ...

    should be those web sites that ask you to opt OUT of receiving spam, etc. My understanding is that these should be opt IN.

    Many do this, but start with Ryan Air.

    1. 0laf Silver badge
      Stop

      Re: The next target ...

      It's also my understanding that this is already against the GDPR regs. But likely we'll have to wait until the regulators get round to doing anything. Would be nice if we could have a Shrems type person to push this on.

      1. Anonymous Coward
        Anonymous Coward

        Re: The next target ...

        As it so happens, I use those examples in a book I'm writing..

      2. DaLo

        Re: The next target ...

        And PECR which preceded it.

    2. Anonymous Coward
      Anonymous Coward

      Re: The next target ...

      Who are Ryan Air?

      1. Throatwarbler Mangrove Silver badge
        Holmes

        Re: The next target ...

        Hard to say.

        1. Intractable Potsherd Silver badge

          Re: The next target ...

          @Throatwarbler - I think you might have missed a "Whoosh" whilst warbling...

  2. Anonymous Coward
    Anonymous Coward

    Matthias Matthiesen said that there was "nothing in either the GDPR or the ePrivacy Directive that prohibits so-called cookie walls (or consent walls for that matter)".

    Uh-huh?

    "In order for consent to be freely given, access to services and functionalities must not be made conditional on the consent of a user to the processing of personal data or the processing of information related to or processed by the terminal equipment of end-users."

    1. Anonymous Coward
      Anonymous Coward

      Basicaly they've put their fingers in their ears and gone "La la la! Can't hear you!!!!"

      Not the best legal strategy.....

      1. chivo243 Silver badge

        Not the best legal strategy.....

        But it seems to work for a vast amount of Zucks etc

      2. Anonymous Coward
        Anonymous Coward

        It's a fine strategy, they know it's wrong but know that unless someone takes them to court and pays the expense of doing it they can carry on. They just need to decide to change their mind before any major legal expenses are due.

        What should happen it the data regulator sees, this. Tells them to stop, they don't they get a fine. They still don't stop, they get a larger fine until they do.

        They don't like it they take the data regulator to court at their own expense.

        1. Anonymous Coward
          Anonymous Coward

          "It's a fine strategy, they know it's wrong but know that unless someone takes them to court and pays the expense of doing it they can carry on."

          In Europe, the loser pays the legal costs of the winner in civil proceedings.

          "They just need to decide to change their mind before any major legal expenses are due."

          However, breaking the GDPR is NOT a civil dispute, but breaking the law. What Mr Ryan did was informing the Irish Data Protection Commissioner that IAB was breaking the GDPR. Which means that even if they change their policies, they were still breaking the law and could be punished.

          1. Anonymous Coward
            Anonymous Coward

            The data regulator doesn't want to take legal proceedings against any company for small misdemeanors. If the contact them and threaten court action then they will just say sorry, we'll change it. The Regulator will accept that and drop the case.

  3. Cynical Pie
    Mushroom

    Ah the old 'the law doesn't specifically say we can't so we obviously can' defence.

    Newsflash - the law doesn't explicitly say you can't plant land mines in your front garden but I suspect the authorities would take a dim view if you did!!

    Icon - well not my fault the postie stepped on to the grass...

    1. sabroni Silver badge

      "the law doesn't specifically say we can't so we obviously can"

      The law specifically says they can't. It's in the anon post above this one. Access cannot be conditional on consent. It's against the law.

      1. Cynical Pie

        Re: "the law doesn't specifically say we can't so we obviously can"

        I know the law does, I was referring to their defence... and the anon comment was added after my post :)

      2. gnarlymarley

        Re: "the law doesn't specifically say we can't so we obviously can"

        Access cannot be conditional on consent. It's against the law.

        Since you are totally against tracking, I presume you would be okay with me using your online banking account and having tracking disabled on that particular bank's webpages?

        I do know that there is a reason tracking must be conditional on consent in some locations, but that the same time there should be a public "free (no tracking mode)". It is interesting that folks think they need more tracking is some locations such as banking and less tracking in other situations. To me, this is easy as I just don't use the sites who want to track me on publicly available information. Please do the same.

    2. DavCrav Silver badge

      "the law doesn't explicitly say you can't plant land mines in your front garden "

      I would hope that at least that falls under general statutes against having explosives...

      1. Robert Carnegie Silver badge

        I think the land mines are illegal under international treaty or convention although IIRC the US didn't sign, so presumably legal in your lawn there.

        IIRC also the "land" mine ban doesn't apply to a beach below the high tide line because that isn't officially "land". So jolly fun to have with your bucket and spade.

  4. old_IT_guy

    Shrug

    Hit a site with a cookie wall, simply close the tab. At the moment I can't think of a single case in my use of the web where there was no alternative site without the intrusive cookie wall.

    I know that's not going to cover some edge cases where there is simply no alternative, but for most such shitty sites, just close the tab.

    Glad someone is taking on those wankers though, well done!

    1. MiguelC Silver badge

      Re: Shrug

      Maybe a few people will do that, but it doesn't solve the problem (and the number of people doing that will probably be just a rounding error on the site's visitor count).

      If nobody ever challenges them, they'll continue breaking the law and collecting data on the vast majority of people who wish to visit the site and see no other option but to agree with its cookie policy.

    2. Mark 85 Silver badge

      Re: Shrug

      Seems that more and more sites are doing the cookie wall instead of letting you have access without taking the unhealthy snacks for your computer. The only real option at this point (if you want access) is "private mode" and clear the cookies when done. A PITA but, in my view, a necessary one.

      1. Jack of Shadows Silver badge
        Mushroom

        Re: Shrug

        Browsers here allow the nuclear option on tab, or window for that matter, closure which is flipped on. That's in addition to all the other methods already in use against the industry. If a browser didn't allow this, it wouldn't be in use.

      2. gnarlymarley

        Re: Shrug

        Seems that more and more sites are doing the cookie wall instead of letting you have access without taking the unhealthy snacks for your computer.

        This is why I still sport a http version of my website that does not require cookies or allow input data, but the https version where you can fill out information. And in the process of filling out that (possible) private information, I need to be tracked or else it might confuse it with other people. Once enough people get fed up with these kind of setups, they will start voting with their feet and use other lesser known websites instead. I am not sure why but the iab site seems to think that it needs to track people and since they can track you using other methods than just the cookie, don't even use private browsing. (By using private browsing, you continue to support the people that runs those websites.)

  5. A.P. Veening

    He went on to say that there was "nothing new to discuss" after the Dutch ruling, and wouldn't be unless "the Court of Justice of the EU pipes up and introduces new relevant information to consider".

    It is completely true there is nothing new to discuss, IAB has been and is continuing to be in breach of the regulation. It will just take a proper fine to convince them.

    1. Doctor Syntax Silver badge

      "It will just take a proper fine to convince them."

      Even better, several proper fines on the businesses they've given this advice to who then sue them.

  6. a_yank_lurker Silver badge

    Trying to go broke

    It sounds like they are trying to go broke from all the fines they could be hit with. Not exactly the best strategy to use.

    1. gnarlymarley

      Re: Trying to go broke

      broke from all the fines they could be hit with

      If people did like me and voted with their feet, then this would be true. However, I do not see this happening. I believe people would rather deal with it than to "help" a company go "broke".

  7. Shadow Systems Silver badge

    "create a more transparent, trusted and safe online experience"

    We will never trust you. You will never be safe for us to allow in. It's nobody's fault but your own.

    Please fek off and die and take your entire industry with you.

    1. gnarlymarley

      Re: "create a more transparent, trusted and safe online experience"

      We will never trust you. You will never be safe for us to allow in. It's nobody's fault but your own.

      Please fek off and die and take your entire industry with you.

      Interesting! This is exactly what those websites are saying about both you and me!

  8. ChrisElvidge

    iab.com and iabuk.com

    don't use a "cookiewall" and also clear cookies at end of session

    1. gnarlymarley

      Re: iab.com and iabuk.com

      There are other ways to track a user, such as embedding a tracking code into the link. Once you "login to a site", you should be "tracked" with whatever method to "remind you to logout". Really what we should be arguing, is why we are "required to login" just to view "information" that should be freely available?

      1. Anonymous Coward
        Anonymous Coward

        Re: iab.com and iabuk.com

        Yes, the trackers are the first thing I always strip from the URL before sharing with anyone.

        You should see the trackers in the URL that you get from mailing lists like newspaper ones, they appear long enough to hold you DNA sequence*. As far as I can tell, few other people bother when they send me links, so I always have a quick look first - and don't get me started on link shorteners such as bit.ly - why can't the all have the same code for "show me what link this actually represents"?

        * yes, that's hyperbole. Roll with it.

  9. Boy Quiet
    Unhappy

    Cookie Monster or proxy server

    Has no one created a proxy app that filters what the cookie can send, replacing any personal data with a generic avatar?

    1. gnarlymarley

      Re: Cookie Monster or proxy server

      created a proxy app that filters what the cookie can send

      Been there and done that. I built mine using the perl LWP module.

      The problem I ran into, is once you get to data input forms, tracking "who" is filling out what data becomes a requirement again. This especially holds true when it comes to payment information. Not tracking means your payment method could be used by others who are using the same proxy.

      My personal option is that tracking should be done on https and non-tracking on http. AKA, if your site has public information, that should not need a login then it should not need any "security" nor "tracking".

      1. Anonymous Coward
        Anonymous Coward

        Re: Cookie Monster or proxy server

        My personal option is that tracking should be done on https and non-tracking on http. AKA, if your site has public information, that should not need a login then it should not need any "security" nor "tracking".

        Heavens, no. That would deprive Google of its monopoly on traffic analysis (since their analytics tend to be already on the site, like a cancerous growth on the Net). Sorry to pop the illusion if you believed if that was for your protection, but be fair, you should have known better.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019