In just two weeks, the E.U. can begin fining GDPR violators. This is a must-read essay by Doc Searls, touching on the law itself, consent, and adtech. There’s a lot in this piece that is quotable and brilliant, but I think this is a truly critical paragraph:
And that’s on top of the main problem: tracking people without their knowledge, approval or a court order is just flat-out wrong. The fact that it can be done is no excuse. Nor is the monstrous sum of money made by it.
In addition to GDPR, Apple’s anti-tracking feature in iOS 11 and MacOS High Sierra has also, apparently, caused great concern amongst adtech companies that rely upon users’ implied consent, as most browsers’ default preferences permit the setting of third-party cookies. In cases where they don’t — for example, in Safari — adtech companies actively try to subvert your preferences. For example, Criteo:
A reminder that Criteo’s idea of unambiguous consent has long been represented by a banner across the bottom of the screen that indicates that any further clicks on the webpage will be construed as consent, and that you can opt out in the future if you read the banner in full and managed to remember the name of the third-party company that is now tracking you across the site.
It’s obvious — but no less revealing about their suspension of morality — how adtech companies will take full advantage of browser defaults to imply consent, but will actively fight against browser defaults through nefarious behaviours when it impacts their business.
Searls’ next paragraph is key, too:
Understanding that the GDPR is the direct result of widespread bad behaviours is truly critical. I don’t think this will eliminate bad actors, but it will provide a framework for adequate consequences. If a company cannot bear the legal blowback from a failure of responsibility to adequately protect users’ information, they should not be collecting it in the first place.