Yeah. GDPR should have been implemented as a mandatory part of HTML or even HTTP that interacts with a builtin browser feature. Let the user make the choice once, in the browser, and let the browser tell the visited site what’s allowed. Statutory compliance would mean something like
browser detects and warns about cookies which do not appear to be in compliance with user’s preferences (optionally: browser can block cookies which do not appear to be in compliance)
browser detects sites which do not implement the spec at all, and warns the user about that
regulatory body checks for compliance on any site with over X number of users
regulatory body checks major browsers for compliance
Yeah. GDPR should have been implemented as a mandatory part of HTML or even HTTP that interacts with a builtin browser feature.
Well, it kind of is. The Do Not Track header has recently seen a court win in Germany (source):
It turned out that the judge agreed with vzbv, ruling that the social media giant is no longer allowed to warn users it doesn’t respect DNT signals. That’s because, under GDPR, the right to opt out of web tracking and data collection can also be exercised using automated procedures.
And it is basically the same in California too Source
GPC is a valid do-not-sell-my-personal-information signal according to the California Consumer Privacy Act (CCPA), which stipulates that websites are legally required to respect a signal sent by users who want to opt-out of having their personal data sold.
Yeah. GDPR should have been implemented as a mandatory part of HTML or even HTTP that interacts with a builtin browser feature. Let the user make the choice once, in the browser, and let the browser tell the visited site what’s allowed. Statutory compliance would mean something like
Sounds like do not track +
Well, it kind of is. The Do Not Track header has recently seen a court win in Germany (source):
And it is basically the same in California too Source