What happens if...
someone sues the government for violating their own GDPR laws?
MEPs have urged the Council of the European Union and the bloc's data protection board to take action against cookies following a report about widespread use of commercial trackers on EU websites. The report, published earlier this month, found that all but three EU member states' main government websites were littered with …
They have to defend themselves in court. The rule of law applies, and unless the governments have already placed some measure into the law to protect themselves, they could be held liable if found guilty. Since they aren't companies, the penalty would be more difficult to calculate. Then again, I don't know that there is any precedent at this time that placing trackers from other companies is a GDPR violation, although I think it should be. There are certainly a lot of sites with them on that are based in the EU.
"They have to defend themselves in court."
Not necessarily. I believe most governments protect themselves with some sort of Sovereign Immunity. It's definitely inscribed in the US Constitution that one cannot sue the US government unless they LET themselves get sued.
To what purpose do these government sites have trackers installed? What, exactly, do they (the sites) **NEED** to track?
The assumption seems to be that these trackers are stupid and/or pointless and/or intrusive and/or nasty and/or just plain dumb. Which may well be the case. But if so, why are web site designers including them?
In my experience, it's often the 'free' (or low-cost) functionality that is provided by all manner of widgets.
Rather than developing something like social media plugins, "share this page" widgets, or geolocation features, front-end 'developers' just drop in stuff from the likes of AddThis, ShareThis, AddToAny, Sumo, and Shareaholic. Seems that every time I peruse server logs I find evidence of the server connecting to all kinds of cloud-based services. And, of course, frequently the web guys give it away when they complain that something isn't working right. We're blocking it, of course, but we can hold out only so long before some VP gets his way and we have to unblock it.
And then we have to sit through another ra-ra session during an all-staff meeting were the web VP gloats that his team was able to put this fantastic functionality together in "just one week".
Last year I looked at the advertising that takes place on comics sites such as Dilbert, and for fun I followed the process to opt out instead of blithely accepting the traditional full body + cavities surveillance. That turned out to only be fun for people with masochistic tendencies. Thank God I'm stubborn :).
I found in total 350 trackers, and a button produced a list of 172 already enabled trackers (no surprise) that I had to switch off. One by one. The other 178 were hiding in 3 different aggregators which alleged to have the ability to opt me out. That didn't work so well, about 30% of opt outs failed.
Here's the extra kicker: that opted me out on a site basis. I had to go through that again on other sites, so uBlock came back on..
On the 15th of this month I came across the same deceptive tactics, but this time in Europe. YourOnlineChoices.eu gives you the option to opt out as well. Guess what's missing? Yeah - the "opt out of everything" button. The good news is that it had me opted in everywhere, so I can now hand that off to the relevant authorities as that's no longer a permitted default in Europe.
The result is that it merely justified my use of tools like uBlock. I'm OK with leaving ads enabled as I understand the need for revenue (although, when I want to disable it there are now ad block blockers, so I need to find an ad block blocker blocker :) ), but I am NOT ok with being under surveillance, especially not when such attempts to legitimise itself by making it appear I agreed to it.
No, no, no.
"Guess what's missing? Yeah - the "opt out of everything" button."
Maybe you still had some cookie of script blocking on. When I disabled all blocking there are two very large clickable buttons on the left. A huge green one to switch all tracking on and a huge red one to turn all tracking off. The off button doesn't seem to work full since not all of the companies represented will turn off or are uncontactable. Interestingly, some of the biggest names in tracking fail to disable via that site, eg Oath, Google, Adobe, Oracle etc.
Why stop at cookies? I'd like to block all third-party content.
You don't want to host that massive javascript file yourself? Well then how can you trust it?
An image hosted elsewhere that is referenced with a unique URL is very close to a tracker in itself.
If you want to do site analytics, look at the apache log files.