[HN Gopher] Italian watchdog bans use of Google Analytics
       ___________________________________________________________________
        
       Italian watchdog bans use of Google Analytics
        
       Author : giuliomagnifico
       Score  : 505 points
       Date   : 2022-06-23 17:27 UTC (5 hours ago)
        
 (HTM) web link (www.gpdp.it)
 (TXT) w3m dump (www.gpdp.it)
        
       | current_thing wrote:
       | Great news. Ban Google and monetize the beautiful
       | beaches, and eat authentic pasta.
        
         | nonsapreiche wrote:
         | and long live pussy
        
           | ciarcode wrote:
           | You do maybe
        
         | ciarcode wrote:
         | I don't think you're really Italian ahahah
        
       | mrkramer wrote:
       | Google is sucking in so much data that at the end it will be
       | outlawed everywhere.
        
       | dclusin wrote:
       | Suppose I run a website in the us and a user in Italy connects to
       | it. Does this mean I'm now breaking the law serving them the
       | website? My connection logs now have pii.
       | 
       | What if I use a cdn that has points of presence in Italy and
       | still pings my server with a head request and the end user ip?
       | 
       | Am I also now breaking Italian law by using google analytics?
        
         | kmlx wrote:
         | https://en.m.wikipedia.org/wiki/HTTP_451
         | 
         | > After introduction of the GDPR in EEA it became common
         | practice for websites located outside EEA to serve HTTP 451
         | errors to EEA visitors instead of trying to comply with this
         | new privacy law. For instance, many regional U.S. news sites no
         | longer serve web browsers from the EU.
        
           | Nicksil wrote:
           | https://en.wikipedia.org/wiki/HTTP_451
        
         | peoplefromibiza wrote:
         | > Does this mean I'm now breaking the law serving them the
         | website?
         | 
         | As the article specifically states:
         | 
         |  _The Italian SA found that the website operators using GA
         | collected, via cookies, information on user interactions with
         | the respective websites, visited pages and services on offer.
         | The multifarious set of data collected in this connection
         | included the user device IP address along with information on
         | browser, operating system, screen resolution, selected
         | language, date and time of page viewing. This information was
         | found to be transferred to the USA. In determining that the
         | processing was unlawful, the Italian SA reiterated that an IP
         | address is a personal data and would not be anonymised even if
         | it were truncated - given Google's capabilities to enrich such
         | data through additional information it holds._
         | 
         | So, unless you are collecting EU citizens user data,
         | transferring it to US and have the _capabilities to enrich such
         | data through additional information you hold_ , no.
        
         | curiousllama wrote:
         | IIRC, it basically only applies if you're actively doing
         | business in the EU, or courting future business.
         | 
         | So, if you have a personal blog that grabs IPs? Not illegal. If
         | you start a merch shop for your blog (or put in ads/sponsored
         | content, etc.), then the whole site needs to be GDPR compliant.
        
       | encoderer wrote:
       | There is really no reason to use Google Analytics anymore. There
       | are many great alternatives now, mine is PanelBear.com. Other
       | people love Fathom and Plausible. It's great to see some
       | unbundling happen.
        
         | sixothree wrote:
         | Yeah, it was another one of those trojan horse programs. Offer
         | something incredibly useful to website owners; something so
         | compelling that they literally can't say no. And oh, it just
         | happens to track the activity of every web user anywhere in the
         | world.
         | 
         | The alternative offerings at the time were fairly awful
         | compared to what google released.
        
         | quickthrower2 wrote:
         | I also believe (no proof though!) that you don't need all that
         | micro detail about your users and it is a distraction for a
         | business.
         | 
         | A rough "how many came" is useful. At least to diagnose if the
         | site had problems. Just talk to people and make your thing
         | good!
        
         | scale8 wrote:
         | The reason we built Scale8.com - Time to replace Google
         | Analytics and Google Tag Manager :)
        
       | tin7in wrote:
       | We are based in Europe and self-host our analytics exactly for
       | this reason. I feel this is just the beginning.
        
         | V__ wrote:
         | Are you using a custom software or something like plausible.io?
        
           | tin7in wrote:
           | I've heard about Plausible but haven't tried it yet. We are
           | using Posthog which is a suite for product analytics.
        
             | stevoski wrote:
             | Plausible et al all are a pale imitation of GA. They all
             | offer a dashboard with some basic filtering. But they offer
             | little in the way of true analytics features, that allow
             | you to slice, dice, and compare data.
        
               | mhitza wrote:
               | I'm working on a web analytics project that gives users
               | more power over the way they slice/dice/compare analytics
               | data. Would you be interested in giving it a try when the
               | project launches in alpha?
               | 
               | Send me a hello email at the address listed on my
               | profile, would be happy to send out an invite when ready.
        
               | quickthrower2 wrote:
               | Which is a good thing!
        
         | closewith wrote:
         | Unfortunately, you can't self-host the integration with Google
         | Ads or Search Console, which locks anyone who relies on Google
         | (or Facebook, Microsoft, etc) Ads into the use of Google
         | Analytics/Ads tracking.
        
           | quickthrower2 wrote:
           | Why not? Can't you still pass the campaign information via
           | the url?
        
         | rambambram wrote:
         | Congrats. We also chose to do the analytics ourselves. No
         | tracking, no cookie banners, and probably better stats as well.
         | One thing that Google did very cleverly was to only give GA
         | users the search terms that visitors used to end up on their
         | site.
        
           | guelo wrote:
           | Isn't the search term in the Referer header?
        
             | Taywee wrote:
             | Nope. They forward through an in-between that obscures it.
             | They argue that because search results are personalized,
             | being able to see the search terms can give you information
             | about the visitor that can compromise their privacy. Google
             | doesn't want anybody violating user privacy except for
             | Google.
        
               | mhitza wrote:
               | If you get your site set up on Google Webmaster tools you
               | will still have access to the search terms. Definitely
               | not as precise as with GA, but should suffice. Unless you
               | want to do per user funnel tracking starting from their
               | search term. Which is pretty privacy invasive.
        
             | closewith wrote:
             | Not for many years. The only way to get Google search term
             | data now is through the Search Console product, which
             | integrates with GA.
        
         | joshyi wrote:
         | Same here. We've been using goaccess for years on a 300M hits a
         | month. Self-host is the way to go for us.
        
         | Rygian wrote:
         | Self-hosting does not automatically make your analytics legal,
         | on the other hand.
         | 
         | Processing of your users' personal data is legal only in the
         | few exceptional scenarios outlined in Article 6.
         | 
         | https://gdprinfo.eu/en-article-6
        
           | giobox wrote:
           | Our definition of "exceptional scenarios" is clearly not the
           | same... The list of scenarios in article 6 are common
           | business operations covering a huge range of legitimate
           | activities where processing might need to occur; there is
           | little exceptional about them.
        
             | Rygian wrote:
             | Processing of personal information is unlawful except in
             | the conditions listed in the article.
             | 
             | So "exceptional" in the sense that they are exceptions to a
             | more general rule, as opposed to the sense of being
             | extraordinary.
        
       | leephillips wrote:
       | Good. US citizens should be, at least, disappointed that their
       | government is so bad at protecting their privacy, that US law is
       | so far behind the times.
       | 
       | To those companies and people who find these EU decisions
       | baffling or inconvenient: tough. If you had had respect for your
       | users this would not be an issue. You would already not be spying
       | on them.
       | 
       | To website visitors: if you see a cookie banner, the site is
       | asking permission to spy on you. If that concerns you, close the
       | tab.
        
         | judge2020 wrote:
         | > You would already not be spying on them.
         | 
         | Can you point me to the part of the ban that says it's about
         | protecting users from "spying in general" and not "protecting
         | users from spying by US companies instead of EU companies that
         | EU member states can obtain PII from at any time"?
        
           | mhitza wrote:
           | > "protecting users from spying by US companies instead of EU
           | companies that EU member states can obtain PII from at any
           | time"
           | 
           | I want to quantify this quote. Each EU country can spy on its
           | citizens to similar extent as 3 letter agencies from the US,
           | but in a less analytical/big meta data way (part of it being
           | the US brain draining EU countries for those working in
           | tech).
           | 
           | However, if EU country A wants to have access to its citizens
           | user data on website X located in EU country B, is not an
           | easy process; involving a strict judicial system between
           | those countries.
        
           | leephillips wrote:
           | I think your logic may be a bit muddled, or I misunderstand
           | your question (but, if I take it literally, my answer would
           | be "no".)
           | 
           | Not spying = not using GA = this ruling moot.
        
         | dmix wrote:
         | > To website visitors: if you see a cookie banner, the site is
         | asking permission to spy on you. If that concerns you, close
         | the tab.
         | 
         | I'd love to see how often people do anything besides click okay
         | anyway (I'd be very surprised if it wasn't 99%+).
        
           | lolinder wrote:
           | Unless there is a very simple "reject" button, I click okay.
           | Between Firefox's native protections, DNS-level blocking and
           | uBlock, I have a lot more confidence in my own protections
           | than I do in their honesty, and it's not worth it to me to
           | uncheck a bunch of boxes.
        
         | tick_tock_tick wrote:
         | If I thought the EU was doing this to protect privacy I'd be
         | all for it. They really don't give a fuck as seen by every bit
         | of legislation they are pushing for. Yes I also do understand
         | that the EU in general view privacy from the government as
         | illegal rather than a right.
        
           | SahAssar wrote:
           | The EU has both enacted the most promising and some of the
           | most backwards, stupid and regressive privacy laws. I'm
           | guessing that it depends on what representative guides it and
           | forms it through the various processes, and what the courts
           | do with it. Overall I think they have moved the needle
           | towards more privacy.
           | 
           | > Yes I also do understand that the EU in general view
           | privacy from the government as illegal rather than a right.
           | 
           | That is absolutely not true, at least not by enough people
           | for anyone to be able to make that sort of blanket statement.
           | I'd also wonder what reasons you have for thinking that, it
           | seems to me like all of the 5-eyes used each other to spy on
           | themselves (besides all of the things done by normal police,
           | various levels of federal police, etc.)
        
         | whimsicalism wrote:
         | An equivalent regulation to the one banning GA in the US would
         | not ban GA because the data centers are in the US.
        
           | stjohnswarts wrote:
           | No one is asking for exactly the same law, just the same
           | results: more privacy.
        
         | scarface74 wrote:
         | Yes "we care about privacy. But we also want a back door to all
         | encrypted communications".
         | 
         | https://appleinsider.com/articles/22/05/11/eu-plans-to-requi...
        
         | 2OEH8eoCRo0 wrote:
         | America is the LTS branch of Democracy.
        
           | hallway_monitor wrote:
           | Privacy improvements will be pulled in along with independent
           | political parties in the next kernel update.
        
           | baisq wrote:
           | If a modern democracy requires an ever-growing government I
           | think I will stick to Democracy Stable.
        
             | tclancy wrote:
             | Here in NH we have a group of people trying to compile
             | their own. I never thought of them as distro hipsters, but
             | it tracks.
        
             | feet wrote:
             | Europeans seem to have it pretty nice, social housing in
             | Austria is absolute fire and enables incredible stability
             | in the population
             | 
             | In the US we put spikes on concrete so the dirty poors
             | can't rest
        
               | baisq wrote:
               | Thinking that the situation of the majority of Europeans
               | is the same as the propaganda that you read is a big, big
               | mistake.
        
               | jokethrowaway wrote:
               | Europe is the place where you retire after you lived your
               | life in the USA and earned some money. It's nice for
               | holidays.
               | 
               | The economy is dead here and governments have enough
               | political willpower to keep leeching more and more money
               | of the profit-making people and keeping these zombie
               | countries alive for other 50 years before of the
               | inevitable, USSR-style collapse.
        
             | mxuribe wrote:
             | Agreed i'm not interested in "ever-growing"...not for a
             | distro nor a gov...but i am interested in an evolving one
             | for the better - i.e. improve effectiveness, and reduce
             | bloat if it adds nothing of value. ;-)
        
           | takethat wrote:
           | and global wealth.
        
           | nix23 wrote:
           | More like the bitrotting prototype ;)
        
           | feet wrote:
           | I think the support contract ended a while back
        
           | peoplefromibiza wrote:
           | more like the archived repository on Github
        
         | googlryas wrote:
         | Pragmatically, to what extent do you believe the European laws
         | have protected Europeans above and beyond how American laws
         | have protected Americans?
         | 
         | Basically, what class of badness are Americans subjected to due
         | to behind-the-times data protection laws, that Europeans are
         | protected from?
        
           | Adrox wrote:
           | Have you heard of Robo-calls? Basically there are no Robo-
           | calls in EU, because you can just add yourself to a
           | Government no-call list. If any company doesn't respect that,
           | they get a huge fine.
        
           | jacooper wrote:
           | European laws are pushing to end Chat providers control over
           | social interactions(which is something that shouldn't be done
           | for profit any way) in the Digital markets act, which forces
           | big apps to provide federation APIs.
           | 
           | The EU with the GDPR made an incentive to not use trackers,
           | don't want that ugly tracker on your site? Then stop selling
           | data, that's why private analytics like Plausible and Umami
           | have sprung to life. And also made it clear how much tracking
           | is on the web.
           | 
           | There is also finally a movement to let the US host
           | everything because really, the US isn't trustworthy.
           | 
           | So, the EU laws, gave better awareness about tracking, gave
           | incentives to not use trackers, and is now working on
           | improving the user experience by stopping the monopolization
           | of social interactions.
        
           | ApolloFortyNine wrote:
           | It's possible for a company, which is seemingly providing you
           | a service since you visited the site, to make money off a
           | targeted ad in exchange for free video
           | streaming/content/entertainment.
           | 
           | The whole thing has always seemed overblown to me. Websites
           | make much more money off targeted ads, allowing them to do
           | things like allow anyone to upload a video of any length and
           | quality for free. And view other videos people upload. In
           | most cases it seemed to me like a fair trade to make. Yet as
           | people point out all the time, technically a website isn't
           | allowed to deny access to someone who refuses targeted ads
           | (through the cookie pop-up), so they're essentially being
           | forced to provide that user content at a loss. Untargeted ads
           | are often worth 90% less or more than their targeted
           | equivalent.
           | 
           | Privacy privacy privacy though, as if someone at Google is
           | manually looking through your history laughing at you.
        
             | stjohnswarts wrote:
             | Give me the option to pay more if it lets me get more
             | privacy. Otherwise I keep using fake accounts, VPN,
             | antifingerprinting methods, ad blockers, etc.
        
               | trelane wrote:
               | Some places do. Many German news sites have a "Pur"
               | version you can subscribe to and not get ads.
        
           | cm2012 wrote:
           | You won't get a good answer to this because there isn't one.
           | There's no realistic, practical harm to people that this EU law
           | is preventing.
        
         | aliasxneo wrote:
         | > To website visitors: if you see a cookie banner, the site is
         | asking permission to spy on you. If that concerns you, close
         | the tab.
         | 
         | There was a recent ACM article on this. They found there was a
         | large number of sites that don't actually ask permission for
         | anything, they are simply informing you of the spying. Not
         | surprisingly, the ones that did allow modifying cookies were
         | all set up in a predatory fashion which discouraged the
         | disabling of tracking.
         | 
         | The whole system is broke at the moment.
        
           | Swenrekcah wrote:
           | It's because they're allowed to use the word "cookies" for
           | it.
           | 
           | If they were required to use specific wording, like for
           | instance "injecting surveillance artefacts" people would
           | probably care a bit more.
        
             | gattilorenz wrote:
             | Hardly. It's like the requests for administrative rights in
             | Windows Vista, or the installers with many browser addon
             | bars...
             | 
             | Nice idea in theory, but if it's too frequent the awareness
             | will, at some point, just disappear.
        
             | aliasxneo wrote:
             | Not necessarily. The team that wrote the ACM article did a
             | small user-test using various versions of the "disable
             | cookie" banner. In all cases they concluded that the user
             | was indeed aware of the negative impact of cookies,
             | however, the need to just "get back to the content" often
             | overruled that distaste.
             | 
             | Not surprisingly, the most effective banner they found was
             | the one which had a single "disable all cookies" button. It
             | was something like an 80% hit rate. So, people care, but
             | not enough to dig into another prompt to uncheck a bunch of
             | boxes. This is what the ACM writers referred to as
             | predatory (abusing human nature).
        
         | drstewart wrote:
         | What about Australian citizens?
        
         | BolexNOLA wrote:
         | My buddy is a manager at a chemical plant, and your comment
         | reminds me of a very astute statement he made recently.
         | 
         | "I don't generally like unions. I've worked at both union and
         | non-union plants. But anytime someone else complains about
         | unions, I remind them that if they have a union at their plant,
         | they earned it."
        
           | feet wrote:
           | Sounds like a manager's take on unions, at least he sounds
           | somewhat reasonable. Good on him
        
           | saas_sam wrote:
           | When union plants are shuttered in favor of non-union plants,
           | did they earn that too? Or does this logic only apply in one
           | direction?
        
             | tbihl wrote:
             | Yes? Why wouldn't they?
        
             | jrajav wrote:
             | I think it's fair to say that most unions have been
             | established as a sole result of proportional human effort,
             | while the same cannot be said for the success of most
             | businesses. There are many instances where an existing
             | imbalance in power or resource ownership is a significant
             | factor in a business' success.
        
         | mattmcknight wrote:
         | > To website visitors: if you see a cookie banner, the site is
         | asking permission to spy on you.
         | 
         | Or you know...count how many unique visitors they have and how
         | to make the site more useful. Do you avoid using cookies on
         | this site but still manage to log in?
        
           | [deleted]
        
           | leephillips wrote:
           | Do you know the difference between cookies and a cookie
           | banner? Do you understand why this site can have login
           | sessions, and even keep track of the number of unique
           | visitors, yet is not required to have a cookie banner?
        
             | tensor wrote:
             | Have you researched to know if this site is hosted on a US
             | server? I wouldn't be surprised if it is and I also
             | wouldn't be surprised if your IP address was additionally
             | stored in a log somewhere for a period of time. In the US.
        
           | Kovah wrote:
           | Cookies needed to properly provide user authentication, i.e.
           | user session identification, are counted as "technical
           | necessary" cookies and do not need a cookie banner. You only
           | need to ask for cookie consent, if you track visitors with
           | third-party services. And, to counter your unique visitors
           | claim: you don't need cookies, or any third party service,
           | for that. Everything can be done locally without
           | disrespecting user privacy.
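
One way to count unique visitors locally without cookies, as an added example that is not code from the thread or from any product named in it. It uses a common technique (a keyed hash of IP and User-Agent under a key that changes every UTC day) and assumes the server writes Combined Log Format; `DailySalts`, `visitor_token`, `count_unique_visitors` and the sample log lines are constructed for illustration.

```python
"""Cookieless unique-visitor counting from an access log (added example)."""
import hashlib
import hmac
import re
import secrets
from collections import defaultdict
from datetime import datetime, timezone

# Assumption: Combined Log Format, the usual nginx/Apache access-log layout.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)


class DailySalts:
    """One random 256-bit key per UTC day, held in memory only."""

    def __init__(self):
        self._salts = {}

    def for_day(self, day):
        if day not in self._salts:
            self._salts[day] = secrets.token_bytes(32)
        return self._salts[day]

    def forget(self, day):
        # After this, that day's tokens can no longer be recomputed from an IP.
        self._salts.pop(day, None)


def visitor_token(salt, ip, user_agent):
    """HMAC-SHA256 over IP and User-Agent; the raw values are never stored."""
    msg = ip.encode() + b"\x00" + user_agent.encode()
    return hmac.new(salt, msg, hashlib.sha256).digest()[:16]


def count_unique_visitors(lines, salts):
    """Return {utc_day: {"hits": n, "visitors": m}} for successful GETs."""
    seen = defaultdict(set)   # per-day token sets, dropped when we return
    hits = defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line
        if m["method"] != "GET" or not m["status"].startswith(("2", "3")):
            continue  # only count successful page fetches
        try:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        # Bucket by UTC day so the key rotation is independent of log timezone.
        day = ts.astimezone(timezone.utc).date().isoformat()
        seen[day].add(visitor_token(salts.for_day(day), m["ip"], m["ua"]))
        hits[day] += 1
    # Only aggregate numbers leave this function.
    return {d: {"hits": hits[d], "visitors": len(seen[d])} for d in sorted(hits)}


# Constructed sample data (documentation IP ranges, made-up user agents).
UA_A = "Mozilla/5.0 (X11; Linux x86_64) Firefox/101.0"
UA_B = "Mozilla/5.0 (Windows NT 10.0) Chrome/102.0"
SAMPLE_LOG = [
    f'203.0.113.7 - - [23/Jun/2022:17:27:01 +0000] "GET / HTTP/1.1" 200 512 "-" "{UA_A}"',
    f'203.0.113.7 - - [23/Jun/2022:17:28:10 +0000] "GET /pricing HTTP/1.1" 200 900 "-" "{UA_A}"',
    # 01:30 at +0200 is 23:30 UTC on the previous day
    f'198.51.100.20 - - [24/Jun/2022:01:30:00 +0200] "GET / HTTP/1.1" 200 512 "-" "{UA_A}"',
    f'203.0.113.7 - - [23/Jun/2022:18:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "{UA_B}"',
    f'203.0.113.7 - - [23/Jun/2022:18:01:00 +0000] "POST /login HTTP/1.1" 302 0 "-" "{UA_A}"',
    f'198.51.100.20 - - [23/Jun/2022:18:02:00 +0000] "GET /missing HTTP/1.1" 404 0 "-" "{UA_A}"',
    "not a log line",
    f'203.0.113.7 - - [24/Jun/2022:09:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "{UA_A}"',
]

if __name__ == "__main__":
    salts = DailySalts()
    for day, stats in count_unique_visitors(SAMPLE_LOG, salts).items():
        print(day, stats)
        salts.forget(day)  # run once per completed day, then drop the key
```

While a day's key still exists, its tokens remain pseudonyms derived from the IP address; a returning visitor on a later day gets an unrelated token, so the count is per day and cannot be joined across days.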
        
             | leephillips wrote:
             | Exactly. HN doesn't need a cookie banner because they're
             | not spying on their users. No barrier to keeping track of
             | sessions.
        
         | tensor wrote:
         | If you feel this way I hope you do research before visiting any
         | website at all, because you might accidentally connect to a
         | server in the US and your IP address will be in the TCP/IP stack
         | of that server and probably the logs too. US servers that are
         | intended to serve US customers have no obligations to you.
        
         | encoderer wrote:
         | Well I'm not an expert but I think the main issue is that
         | American citizens have protections that non-Americans do not.
         | The government cannot spy on Americans without a court order.
        
           | darknavi wrote:
           | The word "spy" is so loose these days. I'd consider the vast
           | swaths of metadata other companies compile on me "spying" to
           | an extent.
        
           | skrtskrt wrote:
           | > The government cannot spy on Americans without a court
           | order.
           | 
           | Have I got news for you. Specifically at least 100 years of
           | news.
        
           | SahAssar wrote:
           | Unless they have an intelligence sharing agreement with a
           | nation that happens to pick up signals from americans, from
           | who they can request that data. And maybe there exists a
           | network to share the raw data, wouldn't that be convenient?
           | Or you could have a secret court system (FISA) to bypass most
           | of the protections normally granted by due process?
        
       | sylware wrote:
       | I don't understand.
       | 
       | They can host locally the data and remotely query it.
       | 
       | What's important is the "intelligence" the data does provide:
       | giving critical and unfair advantage for those who have the whole
       | data.
       | 
       | For instance, microsoft has an unfair advantage almost anywhere
       | because they have access to the whole linkedin database.
        
         | jeroenhd wrote:
         | European companies are not allowed to share PII with American
         | companies. That goes for companies with a headquarters in the
         | USA or subsidiaries that may be forced to share data thanks to
         | laws like the US Cloud Act.
         | 
         | Previously, the EU exempted the USA through an "adequacy
         | decision". That was later deemed illegal under EU law as
         | American laws could not guarantee the privacy of EU citizens to
         | the extent the GDPR prescribes. Then the EU tried again, and
         | again such a decision was also overturned in court. The EU is
         | working on another attempt at letting the USA track PII of EU
         | users, but until they do that again (probably for another few
         | years) it's illegal to share PII with American companies in
         | almost all situations.
         | 
         | This is the third time a data processing agency has declared
         | the use of Google Analytics illegal so it shouldn't really come
         | as a surprise to those following tech news.
         | 
         | What's important is that the data is PII and that it's going to
         | a place that can't guarantee privacy to an acceptable standard.
         | Business advantage is irrelevant. The intelligence the data
         | provides is also irrelevant. European privacy laws serve
         | people, not businesses.
        
       | naet wrote:
       | As more and more country specific legal regulations are raised, I
       | wonder who will be the ultimate gatekeepers of the general
       | internet when certain actors behave against the "rules". The
       | current landscape is a complex system of seeming contradictions
       | straddling different levels of public and private, centralized
       | and decentralized, anarchical and moderated, etc.
       | 
       | Will ISPs be forced to cut off traffic from certain areas? Will
       | centralized companies like Google and Reddit be forced to comply
       | with regulations or cut off services in certain areas? Will
       | governments set up firewalls? Will the buck of responsibility be
       | passed upwards to service providers like GA, or downwards to
       | individual site administrators?
        
         | UncleEntity wrote:
         | Nah, they'll just slap them with a fine now and again as a
         | substitute for direct taxation and let them do what they do
         | basically unchanged.
         | 
         | Once the Europeans have to use a foreign proxy to see the
         | regular internet, like the Chinese, then we will have a real
         | discussion on online privacy.
        
           | djbebs wrote:
           | Have you tried to go to rt.com any time recently?
        
           | djbebs wrote:
           | We already do.
        
       | AdriaanvRossum wrote:
       | Regarding forbidden countries, it's not forbidden in the
       | Netherlands, yet. They will announce a verdict in a form of a
       | report by the end of 2022 [1].
       | 
       | To give people an option and pick something else over Google
       | Analytics, I have built an alternative, Simple Analytics [2].
       | 
       | It doesn't use cookies or any form of tracking and you still get
       | the useful data that 80% of the website owners need.
       | 
       | [1]
       | https://autoriteitpersoonsgegevens.nl/nl/onderwerpen/interne...
       | (in Dutch)
       | 
       | [2] https://simpleanalytics.com
        
         | jeroenhd wrote:
         | Worth mentioning that DPAs tend to work together to prevent
         | conflicting laws across the EU. Following Austrian, French, and
         | now Italian rulings, it's almost guaranteed that the Dutch
         | authority will come to the same conclusion.
        
       | aliswe wrote:
       | What is a watchdog in this case, isn't it a non-governmental
       | organization?
       | 
       | in that case how can they ban anything and what does that mean?
        
         | gruturo wrote:
         | This is an English translation from "Garante" which is actually
         | a stronger word - more like Guarantor. It is an official
         | authority with teeth.
        
           | etagate wrote:
           | Exactly. Just to clarify, this is the authority responsible
           | for those multi-million dollar fines against FAANG
        
         | x0x0 wrote:
         | It's likely a bad translation.
         | 
         | The Italian SA is the Italian Data Protection Agency (DPA), one
         | of the per-country European regulators
         | https://ec.europa.eu/justice/article-29/structure/data-prote...
         | . Which acts under the GDPR and predecessor data protection
         | laws, and is very explicitly a governmental regulator.
        
         | noneeeed wrote:
         | Certainly in UK English we use watchdog to mean any
         | organisation that has an oversight role, frequently government
         | ones. For example the Financial Services Authority might be
         | described as "the banking watchdog", it is very much a
         | government agency.
        
         | chrisseaton wrote:
         | Why do you think watchdogs have to be non-governmental?
         | 
         | For example:
         | 
         | https://www.theguardian.com/technology/2022/may/05/uk-watchd...
        
       | ryanmcbride wrote:
       | I've been using clicky on a few of my sites and even though they
       | _assure_ me that it's totally compliant with gdpr I don't really
       | believe them, does anyone have a decent alternative for analytics
       | that respects people's privacy? I just want to see when I get new
       | vs returning visitors on a page. Cloudflare's analytics are okay
       | but I like how granular clicky can get, but if there's no good
       | way to do that I think I'm just gonna ditch clicky and make do
       | with the cdn analytics. Hell, I bet the cdn already does
       | everything I need and I just don't know how to use it right, or
       | I'm not paying for the right tier or something.
        
         | [deleted]
        
         | ClumsyPilot wrote:
         | matomo is something you can self host
        
           | tensor wrote:
           | Note that you must make sure that your host is not in the US
           | as well.
        
           | solar-ice wrote:
           | There's several self-hosted solutions, as well as several
           | GDPR-compliant SaaS solutions. They generally work pretty
           | well; I've seen people set up, for example, Plausible, in a
           | couple of hours on a cheap VPS.
        
       | onphonenow wrote:
       | At what point do operators just start blocking access from EU
       | countries. It's hard to imagine it's worth jumping through all the
       | complexities here at some point.
        
         | phatfish wrote:
         | Bring it on. Anything that disconnects people from the American
         | tech industry and encourages domestic competition is a good
         | thing.
        
         | panzerboiler wrote:
         | Sure. Block access to 450 million people because it is
         | inconvenient to respect their privacy.
        
       | reaperducer wrote:
       | The last time I checked, the Google Analytics' Terms of Service
       | explicitly prohibited its use on web sites involving healthcare
       | companies.
       | 
       | That gives you an indication of how invasive it is -- that even
       | Google doesn't want to handle the personal information, because
       | it can't be made HIPAA-safe.
       | 
       | Naturally, the majority of healthcare web sites use Google
       | Analytics, because nobody ever reads the Terms of Service.
        
         | paulcole wrote:
         | > The last time I checked, the Google Analytics' Terms of
         | Service explicitly prohibited its use on web sites involving
         | healthcare companies.
         | 
         | You're missing a key part of the sentence you're remembering:
         | 
         | > If you are (or become) a Covered Entity or Business Associate
         | under HIPAA, you may not use Google Analytics for any purpose
         | or in any manner involving Protected Health Information unless
         | you have received prior written consent to such use from
         | Google.
         | 
         | Healthcare companies can absolutely use GA on their websites as
         | long as the website isn't involving PHI or ePHI.
        
       | zugi wrote:
       | I use NoScript and block Google analytics, facebook, etc. It's
       | nice that they use a domain separate from google.com, making it
       | easy to block.
        
         | leephillips wrote:
         | Yes. I have all their analytics and ad network domains blocked
         | in my hosts file.
        
       | humanistbot wrote:
       | From the article:
       | 
       | > A website using Google Analytics (GA) without the safeguards
       | set out in the EU GDPR violates data protection law because it
       | transfers users' data to the USA, which is a country without an
       | adequate level of data protection.
       | 
       | > Upon expiry of the 90-day deadline set out in its decision, the
       | Italian SA will check that the data transfers at issue are
       | compliant with the EU GDPR, including by way of ad-hoc
       | inspections.
       | 
       | This follows similar decisions by France [1] and Austria [2].
       | 
       | [1] https://iapp.org/news/a/cnil-is-latest-authority-to-rule-goo...
       | 
       | [2] https://iapp.org/news/a/far-reaching-implications-anticipate...
        
       | tmoneyfish wrote:
       | I'm building my own open source analytics solution exactly for
       | this reason.
        
       | iLoveOncall wrote:
       | Those decisions are good in theory, but in practice they will
       | kill the free web.
       | 
       | The only people that have the work power to put equivalent
       | alternatives in place are the big corporations, that will anyway
       | find a loophole.
       | 
       | I run my small blog, and I can't spend days or even weeks to
       | set up a subpar analytics solution. I won't even start talking
       | about self-hosting an analytics solution which would probably
       | double my monthly server cost for a website on which I earn 0EUR.
       | 
       | In 2030, if we continue on that trend, websites will be in two
       | categories: belonging to huge companies, or running illegally.
       | It's baffling that people are applauding the end of the free web.
        
         | freeone3000 wrote:
         | Why does your small blog need an "analytics solution" in the
         | first place, if you earn $0?
        
           | iLoveOncall wrote:
           | Because I want to know where my readers come from, which
           | Google terms they searched, etc.? There's a million reasons
           | to want to know stats like this without earning money...
        
             | stevoski wrote:
             | > which Google terms they searched, etc.
             | 
             | GA doesn't tell you which terms they searched. They mostly
             | stopped doing this in 2013.
             | 
             | Google Search Console _does_ tell you the search terms, and
             | without any tracking on your website.
        
             | progman32 wrote:
             | As a user, I don't want to give this info. I'm glad the EU
             | is giving folks an avenue to express this preference.
        
               | iLoveOncall wrote:
               | I provide free tutorials and articles like this. If you
               | don't want to provide this info then I don't want to
               | provide you free content.
        
               | olalonde wrote:
               | That's the problem with GDPR. A lot of people are fine
               | with this arrangement, but the GDPR is basically making
               | it unlawful. GDPR is basically imposing the preferences
               | of other people (e.g. progman32) on us.
        
       | cardosof wrote:
       | Hindsight is 20/20 but wasn't it clear that the company selling
       | ads shouldn't be in charge of metrics for traffic and ads? Just
       | like the TV channels had to rely on media rating firms.
        
         | badkitty99 wrote:
        
         | youngtaff wrote:
         | Not sure an ad company should be in charge of a browser either
        
           | cardosof wrote:
           | Oh and don't forget a major OS
        
       | openplatypus wrote:
       | While I should be happy with the narrative (I run
       | https://wideangle.co, GA alternative), let's be honest. It's not
       | banned. Nor is it illegal.
       | 
       | It is illegal to use it in such a way that results in Personal
       | Data being siphoned to the US.
       | 
       | Is it hard? Yes. Outright illegal? Nah.
        
         | stevoski wrote:
         | It is good to see a GA competitor not resort to FUD as a
         | marketing tool.
        
       | nwellnhof wrote:
       | What's really puzzling is that Google Analytics never got banned
       | because of antitrust laws. It's the most obvious example of
       | predatory pricing I've ever seen. How is a smaller company
       | supposed to compete against a free product?
        
         | Wowfunhappy wrote:
         | Doesn't predatory pricing mean "we dropped our pricing below
         | profitability in order to kill competitors (and presumably
         | raise our own prices once they're dead)"?
         | 
         | I think you'd have a _very_ good case against Amazon, and
         | probably Uber/Lyft, and I've long wondered why no one sued
         | them over it. But in Google's case, Analytics is profitable for
         | the same reason Youtube is profitable--Google makes money off
         | the data they gather.
        
           | permo-w wrote:
           | I did hear this in about 2014, so it could well have changed,
           | but I thought Youtube wasn't profitable, or at the very most
           | barely profitable
        
         | vkou wrote:
         | One broad view is that anti-trust is supposed to protect
         | _consumers, not competitors_.
         | 
         | If a competitor can't produce a quality product that people
         | will pay for, consumers aren't being harmed by the prevalence
         | of a free good-enough product.
         | 
         | In a consumer-protection world where a free and open source
         | Linux had 98% market share in the OS market, Microsoft or Apple
         | would have no leg to stand on to sue its developers over anti-
         | trust. In a competitor-protection world, they would.
         | 
         | The US views anti-trust through a very consumer-focused
         | lens[1], the EU _sometimes_ views it through a more competitor-
         | focused one.
         | 
         | [1] This doesn't mean I agree with it, and there are obvious
         | problems with trying to prove harm in a court of law, if no
         | alternative exists.
        
         | scarface74 wrote:
         | If we enforced a law that said no product can be sold at a
         | loss, we would get rid of almost every single startup and many
         | recently IPO'd former unicorns.
        
         | tantalor wrote:
         | Lots of ways? Better features, better support, better
         | performance.
         | 
         | If you can't beat the free offering, then go home.
        
           | reaperducer wrote:
           | _If you can't beat the free offering, then go home._
           | 
           | In the real world of physical goods, there are laws against
           | this. But Google's a tech company, so anything goes.
        
             | minsc_and_boo wrote:
             | Which real world country?
             | 
             | In the U.S. most antitrust law is based on protecting
             | what's best for the consumer, not protecting the
             | competition from a free alternative.
        
             | foota wrote:
             | It's not illegal to give things away for free unless it's
             | dumping.
        
               | reaperducer wrote:
               | _It's not illegal to give things away for free unless
               | it's dumping._
               | 
               | Which is exactly my point.
               | 
               | "[Dumping] occurs when manufacturers export a product...
               | at a price below the normal price with an injuring
               | effect. The objective of dumping is to increase market
               | share in... by driving out competition and thereby create
               | a monopoly situation"
               | 
               | https://en.wikipedia.org/wiki/Dumping_(pricing_policy)
               | 
               | That's exactly what's happening here.
               | 
               | Google prices Analytics at $0 to prevent any competition
               | from starting up.
               | 
               | While an argument can be made that Google doesn't need to
               | charge money for the product because that cost is made up
               | in other areas, there is no way of knowing that, because
               | those costs are not public. We don't know if it's fully
               | made up by other means, or partially made up by other
               | means, or not at all.
               | 
               | Like you, IANAL, but it's my understanding that legally,
               | it's not about the price, it's about the intent.
        
               | wvenable wrote:
               | > Google prices Analytics at $0 to prevent any
               | competition from starting up.
               | 
               | It's not dumping because, in the absence of any
               | competition, the price hasn't changed. It just turns out
               | the market price for this service is $0.
        
               | quickthrower2 wrote:
               | I would say it has more in common with the Microsoft
               | antitrust case. In that they gave IE away for free.
               | 
               | I think you can show Google has monopoly on search and
               | search data and GA is the only analytics allowed to
               | connect with that.
               | 
               | Is it dumping? Yes. They don't intend to raise the price,
               | but they get paid not in cash but in terms of increasing
               | their monopoly by having so much data on us.
               | 
               | Now a lot of things are like this (anything where you
               | give your email for a discount code). But they are not
               | intended to get a global monopoly or make it impossible
               | for anyone else to do business competing with you.
        
               | xboxnolifes wrote:
               | > It just turns out the market price for this service is
               | $0
               | 
               | You can't come to this conclusion until you prevent
               | Google from using the acquired data to improve their ad
               | service.
        
             | jokethrowaway wrote:
             | What a horrible law.
             | 
             | The market should just create a better solution or find
             | investors to call the bluff of the offending company and
             | make even more money
        
         | raviparikh wrote:
         | I co-founded a company called Heap that competed against Google
         | Analytics and we were quite successful. Amplitude, Mixpanel,
         | and others have also done so. GA's free pricing was not really
         | a big issue for us and customers were very willing to pay 6-
         | and 7-figures for a differentiated quality product.
        
           | Nagyman wrote:
           | Loved Heap (Analytics?). I advocated for it while working at
           | my previous employer :) I think we were early customers. At
           | the time, its automatic tracking of all events was a godsend
           | compared to hooking up specific tracking after the fact using
           | GA events.
        
       | plandis wrote:
       | The US should economically retaliate.
       | 
       | GDPR and these other regulations in the EU exist because EU
       | cannot stomach the fact that they got beat on tech and instead of
       | innovating they are regulating to try and even the playing field.
        
         | gnuj3 wrote:
         | Hmmm, or maybe they exist because EU has a little bit more
         | respect for privacy of its citizens than US?
        
       | calibas wrote:
       | If I understand this correctly, the issue isn't Google Analytics
       | specifically, but "because it transfers users' data to the USA,
       | which is a country without an adequate level of data protection".
       | 
       | So this could also apply to any company that sends PII to the
       | USA?
        
         | solar-ice wrote:
         | At present, there is no legal basis for a company covered by
         | the GDPR to send personal data to the US or a US-owned company.
         | The US needs to repeal the CLOUD Act, and maybe one or two
         | other things, in order to make this situation work again.
        
           | minsc_and_boo wrote:
           | Is that for US- or Italian-based users? What if this is an
           | Italian company running a global website with data from non-
           | GDPR country users?
        
             | jakubp wrote:
             | GDPR covers EU citizens. I don't think it says anything
             | about non-EU citizens.
        
               | quickthrower2 wrote:
               | Which is nebulous: someone whose grandad was Italian
               | living their whole life in the US might be a de facto EU
               | citizen.
        
             | solar-ice wrote:
             | You can find the scope of the GDPR in Article 3 of the
             | GDPR: https://gdpr-info.eu/art-3-gdpr/
             | 
             | Read these as individual clauses; the Regulation applies if
             | any one of them is met. An Italian company serving
             | customers anywhere in the world is covered by the first
             | clause.
        
       | throwawayjun21 wrote:
       | everyone should avoid google products/services like a cancer.
        
       | takethat wrote:
       | Does anyone run a self-hosted matomo/piwik instance for analytics?
        
       | hbfdhfdhadfhnfa wrote:
       | Meanwhile, the COVID-19 certificate app for Czech Republic citizens
       | uses Google Analytics. We are not the same. Good job Italy!
        
       | lmkg wrote:
       | This is consistent with decisions from the Austrian and French
       | data protection authorities (DPAs). Note that Google is a
       | _Processor_ (for this product), meaning that Google itself does
       | not violate GDPR, but only the websites that use it.
       | 
       | Following the Schrems II case, the "threat model" used by EU
       | courts on these matters is "American law enforcement can serve a
       | warrant to American companies." Long story short, any processing
       | that Google does _after collection_ is not considered to offer
       | any protection, because American law enforcement can just tell
       | them not to do that and they won't. Hence, the "Anonymize IP
       | Address" setting in Google Analytics is not considered to have
       | value for GA.
       | 
       | It might theoretically be possible to use GA compliantly by
       | proxying data through an EU-owned service which obfuscates
       | anything considered personal data, at minimum the IP address and
       | various cookie values. This scenario hasn't been confirmed by
       | anyone as compliant, but the regulators seem to always go out of
       | their way to dance around it rather than just saying "GA is non-
       | compliant, always, forever." Still, for the trouble to set up
       | such a service you might as well just stand up a self-hosted
       | first-party analytics solution.
       | 
       | This particular decision on GA is purely about the cross-border
       | transfers, and doesn't seem to touch on whether using cookies for
       | analytics requires consent. That's a separate issue (technically
       | about a separate law).
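
The scrubbing step of the proxy described in the comment above, as an added example that is not part of the thread. It assumes hits shaped like the Universal Analytics Measurement Protocol (`cid`, `uid`, `uip`, `ua`, `dl`, `dr`); the function names, the daily-rotating HMAC pseudonym, the URL stripping and the sample hit are illustrative choices.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Hit parameters that are dropped outright before forwarding:
# user ID, IP override, user-agent override and the _gid cookie value.
DROP_PARAMS = {"uid", "uip", "ua", "_gid"}

# Parameters that carry URLs; their query string and fragment can hold
# e-mail addresses, session tokens and similar identifiers.
URL_PARAMS = {"dl", "dr"}

# Request headers the proxy passes upstream. Everything else (Cookie,
# X-Forwarded-For, Forwarded, User-Agent, ...) is discarded, and the
# upstream connection originates from the proxy's own address.
FORWARD_HEADERS = {"content-type", "accept"}

# Constructed sample hit; the tracking ID is a placeholder.
SAMPLE_HIT = (
    "v=1&tid=UA-XXXXX-Y&cid=555.1234&uid=alice%40example.org"
    "&uip=203.0.113.7&ua=Mozilla%2F5.0&t=pageview&_gid=GA1.2.3.4"
    "&dl=https%3A%2F%2Fexample.org%2Fpricing%3Femail%3Dalice%40example.org%23top"
)


def daily_key(master_secret: bytes, day: str) -> bytes:
    """Derive a per-day key so pseudonyms cannot be linked across days."""
    return hmac.new(master_secret, day.encode(), hashlib.sha256).digest()


def pseudonymise_cid(cid: str, key: bytes) -> str:
    """Replace the cookie-derived client ID with a keyed hash.

    The key never leaves the proxy, so the upstream service cannot map
    the pseudonym back to the original cookie value.
    """
    return hmac.new(key, cid.encode(), hashlib.sha256).hexdigest()[:32]


def strip_url(url: str) -> str:
    """Keep scheme, host and path; drop query string and fragment."""
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))


def scrub_hit(raw_query: str, master_secret: bytes, day: str) -> str:
    """Return the query string the proxy would send upstream."""
    key = daily_key(master_secret, day)
    kept = []
    for name, value in parse_qsl(raw_query, keep_blank_values=True):
        if name in DROP_PARAMS:
            continue
        if name == "cid":
            value = pseudonymise_cid(value, key)
        elif name in URL_PARAMS:
            value = strip_url(value)
        kept.append((name, value))
    return urlencode(kept)


def scrub_headers(headers: dict) -> dict:
    """Allowlist the request headers that may be forwarded upstream."""
    return {k: v for k, v in headers.items() if k.lower() in FORWARD_HEADERS}


if __name__ == "__main__":
    print(scrub_hit(SAMPLE_HIT, b"constructed-secret", "2022-06-23"))
    print(scrub_headers({
        "Cookie": "_ga=GA1.2.555.1234",
        "X-Forwarded-For": "203.0.113.7",
        "Content-Type": "text/plain",
    }))
```
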
        
         | V__ wrote:
         | > meaning that Google itself does not violate GDPR, but only
         | the websites that use it.
         | 
         | This is so baffling to me. Google has subsidiaries in the EU.
         | The fact that it's ok to give a product to a EU client which
         | can't be used in accordance with the law, and the client is
         | responsible, is just idiotic.
        
           | humanistbot wrote:
           | To be compliant, Google can just set up data centers specific
           | to GA in one of those EU subsidiaries, so GA admins can
           | choose to have their visitors' data stored only in an EU data
           | center (and promise to not transfer that data to the US).
           | This wouldn't be that hard to do.
        
             | nisegami wrote:
             | It really makes no difference where the data is stored once
             | it's accessible by a US company:
             | 
             | "The CLOUD Act primarily amends the Stored Communications
             | Act (SCA) of 1986 to allow federal law enforcement to
             | compel U.S.-based technology companies via warrant or
             | subpoena to provide requested data stored on servers
             | regardless of whether the data are stored in the U.S. or on
             | foreign soil."
             | 
             | from https://en.wikipedia.org/wiki/CLOUD_Act
        
             | shadowgovt wrote:
             | Building out the infrastructure necessary for Cloud to be
             | compliant with region-stored data was a multi-year project.
             | 
             | Huge swathes of Google's architecture (especially its
             | legacy architecture) have deeply-ingrained location-
             | agnosticism assumptions. It turns out to be extremely
             | complex and expensive to remove those assumptions given the
             | way Google handles data once it hits their datacenter
             | fabric.
             | 
             | (Not impossible, mind, just that this assertion that it
             | wouldn't be that hard to do is in "I could build Twitter in
             | a weekend" territory).
        
               | robin_reala wrote:
               | It's coming up to a decade since Schrems I, six years
               | since GDPR, and four years since enforcement of GDPR. For
               | a company like Google the writing has been on the wall
               | for a lot longer than a weekend. They've simply been
               | gambling that they can get away with it, and now that
               | argument is collapsing.
        
               | shadowgovt wrote:
               | Oh, no doubt. They've 100% been gambling that they could
               | get away with it. The GDPR has deviated increasingly from
               | what their leadership assumed would be a reasonable
               | position (it continues to drift from the American
               | centroid belief on who owns what data; for Americans, the
               | notion that you can use other people's computers without
               | them keeping records of how you used their computers is
               | kinda weird, and Americans lack the direct historical
               | experience to have the kinds of concerns about mass-
               | citizen-tracking that Europe does).
               | 
               | My prediction is that as things move forward, they're
               | going to find it isn't worth their money to offer
               | Analytics for European customers if the GDPR continues to
               | make that more onerous (especially since the monetization
               | story of Analytics for Google is so threadbare) and just
               | offer it for customers in other countries while Europe
               | does its own thing. Win-win.
        
             | openplatypus wrote:
             | As mentioned by other commentators, this is not enough.
             | Schrems II ruling exposed the risk here. If servers are in
             | EU but are under effective control (even via proxy) of a
             | country with inadequate control (US, RU, CN), then you
             | can't use data location as argument.
        
             | MrQuimico wrote:
             | The problem is not only the geo location of the
             | datacenters. As long as these subsidiaries are under the
             | control of a USA corporation, this is illegal, since the
             | USA corporation can be requested by the USA gov to share
             | any data they may have no matter where it's stored. Only
             | options are a 100% GDPR compliant solution (European or
             | from a country with similar laws) or self-host. Hopefully
             | another Privacy Shield like agreement will be in place
             | soon.
        
               | ClumsyPilot wrote:
               | > another Privacy Shield
               | 
               | its real name should have been privacy hole
        
             | dylan604 wrote:
             | It wouldn't be hard for Googs to do this on their own so
             | that they comply with the rules/laws in the markets they
             | are operating vs giving it to the end user as an option in
             | the configs. Most people using GA probably wouldn't know
             | what any of that meant anyways. They just want the numbers
             | so their marketing people can tell them what to do next.
             | I'm talking the people running sites on Wix type sites vs
             | having an actual dev team that can push back against a
             | marketing department
        
             | gostsamo wrote:
             | No, they can't as far as I get it. The American CLOUD Act
             | entitles US law enforcement to serve orders to US companies
             | and their foreign branches. So, if you are American with a
             | company in the EU, the important part is that you are an
             | American, not that the company is in a foreign
             | jurisdiction.
        
               | tempestn wrote:
               | Perhaps Google could license a third party in the EU to
               | host analytics for EU customers?
        
               | gostsamo wrote:
               | This is an option. I saw somewhere a news that they might
               | license the entire GCloud to a French provider but I
               | can't remember where and when.
        
               | ohand wrote:
               | You're remembering this announcement from last fall:
               | https://www.thalesgroup.com/en/group/investors/press_release...
        
               | closewith wrote:
               | Yes, specifically the CLOUD (Clarifying Lawful Overseas
               | Use of Data) Act, which was enacted following a case in
               | 2014 where Microsoft refused to hand over emails stored
               | in the EU (Ireland, in that case) on foot of a domestic
               | US warrant.
               | 
               | The CLOUD Act expressly brings data stored by US-based
               | companies anywhere in the world under the purview of US
               | warrants and subpoenas.
               | 
               | https://en.wikipedia.org/wiki/CLOUD_Act
        
           | gretch wrote:
           | What about Italian websites that serve customers outside of
           | Italy?
        
             | V__ wrote:
             | If they serve customers outside the EU, then they should
             | comply with those laws or not serve them at all.
        
           | leephillips wrote:
           | I don't find it idiotic. It was the client's decision to spy
           | on its users. I have no sympathy for companies who make that
           | decision.
        
             | V__ wrote:
             | > It was the client's decision to spy on its users.
             | 
             | Calling it spying is a little far-fetched I think, when the
             | problem was the transfer of IP addresses to US servers, not
             | Analytics itself.
        
               | leephillips wrote:
               | Like most people, I have an IP that is unique to me, and
               | will be for weeks, maybe months, until some event causes
               | my ISP to assign me a new one. Google can track and
               | correlate my activity across all the websites that I
               | visit that happen to use GA. In this way they can build a
               | profile. If I used Gmail, they could include information
               | from the content of my email, which they admit their
               | computers examine. With enough data it would be a simple
               | matter to detect when my IP changed, and continue to
               | amass the profile. If this isn't spying, then nothing is.
        
               | V__ wrote:
               | Oh, I think I wasn't clear. I meant saying that the
               | client is deciding to spy is a bit far-fetched. Google of
               | course.
        
             | rattlesnakedave wrote:
             | It was the client's decision to use the service.
        
               | leephillips wrote:
               | Which is a decision to spy on the users.
        
             | pessimizer wrote:
             | Why do you have to be sympathetic to the client in order to
             | also condemn Google? If someone was selling bleach as a
             | cure for autism through a network of distributors, do you
             | have to be sympathetic to the distributors in order to
             | condemn the manufacturer?
        
       | cm2012 wrote:
       | Another decision in a long stream that will make it much harder
       | for EU start-up companies to catch up to American ones. With
       | absolutely no improvements to actual EU citizen well being.
        
         | peoplefromibiza wrote:
         | or maybe EU is starting to rely on their own startups.
         | 
         | If I had to choose an analytics software for a customer's
         | website, I'd choose someone in EU for the sole reason that it
         | would be compliant in both EU and the rest of the World.
        
         | nathanaldensr wrote:
         | Maybe a race where the finish line is _maximum exploitation of
         | the digital population_ isn't a race worth running.
        
           | iLoveOncall wrote:
           | Sure, because we live in the world of Care Bears.
        
             | waffleiron wrote:
             | So let's legalise child labour? Get rid of OSHA?
             | 
             | Where you draw the line is cultural and personal, so don't
             | dismiss things like this so easily.
        
         | jimnotgym wrote:
         | Isn't this an opportunity for EU startups? By choosing to
         | enforce the law on US companies that EU companies are already
         | generally very compliant with, surely the EU has levelled the
         | playing field for EU companies?
        
           | jeroenhd wrote:
           | I can already see the taglines: "ConsentCo, tracking that's
           | legal in the EU, unlike Google Analytics"
        
           | cm2012 wrote:
           | A little advantage for EU analytics startups, disadvantage
           | for all other EU startups and SMBs who have less options for
           | figuring out what users like about their website and
           | offerings.
        
           | YetAnotherNick wrote:
           | So due to this legislation it is more costly/less profitable
           | for a company to have a European customer compared to US
           | customer. Things like GDPR/lawsuits/bad PR etc. don't come
           | for free for companies. So if some startup has more ratio of
           | European users it is at a disadvantage.
        
           | AdriaanvRossum wrote:
           | It is. Most startups in the EU have to use more and more
           | businesses in the EU. The selection is little, so way more
           | chances to succeed if you're EU based and serve both markets.
           | 
           | I run Simple Analytics [1], which is a privacy-first
           | analytics business from the Netherlands. I see a lot of
           | business from the EU just because we are from the EU as well.
           | 
           | [1] https://simpleanalytics.com/?ref=hn
        
       | louhike wrote:
       | The CNIL in France is really pushing companies to not use Google
       | Analytics, and you better listen to them here. It seems US
       | companies should really make changes to how they host/manage data
       | to be able to work in EU in the near future. (It isn't a
       | criticism, simply an assessment).
        
         | f1refly wrote:
         | There's nothing US companies can do to make themselves legal to
         | use here. The legal framework in the US allows dragnet spying
         | on every non-american and american companies are forced to
         | participate in that effort.
        
           | jeroenhd wrote:
           | They're perfectly legal if they don't process any PII. If a
           | US company serves static content there's no need to fear the
           | EU; they'll just have to disable illegal external
           | integrations like Google Analytics/Fonts/etc.
           | 
           | A company doing business with other companies might find
           | themselves in a position where they can comply perfectly. Not
           | every company needs to collect PII, though these days every
           | company likes to pretend they do.
        
       | la64710 wrote:
       | These kinds of ridiculous laws do not understand the boundless
       | nature of internet. If you want to protect privacy of netizens
       | simply make a universal law instead of having different laws in
       | different countries.
        
         | adfm wrote:
         | Since the Internet is not a fiefdom, universal law is moot.
         | Nation states will draft tracking laws that are only
         | enforceable through tracking in an attempt to gain their slice
         | of authoritarian pie. Pointing to the Google or US is typical
         | strawman BS and gives people a false sense of security because
         | they should assume everyone, not just the Google, is tracking
         | them. Getting people to own their data is an uphill climb, but
         | is ultimately what will curb the negative behavior we're
         | witnessing.
        
         | pessimizer wrote:
         | Other countries may not want to protect privacy at all.
         | Italians are making rules to protect Italians.
        
         | IncRnd wrote:
         | How does one "simply make a universal law"?
        
         | tgv wrote:
         | I'm afraid it does understand the boundless nature of the
         | internet, and it wants the owner of the server to do something
         | about it.
        
       | rkagerer wrote:
       | These guys are my heroes
        
       | corywatilo wrote:
       | Italy is the 4th in a string of recent decisions across the EU.
       | 
       | (We're tracking these cases on isgoogleanalyticsillegal.com along
       | with details for each.)
       | 
       | Note that it's not illegal to use GA entirely, just illegal to
       | use in its default state which transmits PII to the US.
        
         | stingraycharles wrote:
         | That is an extremely important nuance which is not obvious from
         | the title.
        
           | [deleted]
        
         | minsc_and_boo wrote:
         | Isn't it already against Google Analytics' policy to put PII in
         | the platform to begin with?
         | 
         | https://support.google.com/analytics/answer/6366371?hl=en#zi...
        
           | rgbrenner wrote:
           | GDPR uses a more expansive definition of personal data, and
           | it includes the IP address and geolocation data, for example.
        
         | lmkg wrote:
         | > just illegal to use in its default state which transmits PII
         | to the US
         | 
         | As I mentioned in a sibling comment, this is technically true
         | but complying with GDPR takes more than unchecking a few boxes.
         | I've never seen any GA set-up that would remotely approach
         | compliance. At minimum, you need to mask IP's _before_ they
         | reach Google, which means standing up a non-Google server to
         | proxy all the hits. That is more complexity than 99+% of GA
         | installations.
        
           | naet wrote:
           | My current understanding of google analytics and GDPR
           | compliance is that you can use it in a GDPR compliant manner
           | without that much trouble. On the older UA there is a simple
           | flag that enables IP anonymization and on the new GA4 there
           | is purportedly no need for it as they don't collect or store
           | the IP at all.
           | 
           | For many clients I have set up a cookie compliance tool like
           | Onetrust, which blocks loading of GA and other scripts with
           | one of the consent popups. With this combined configuration
           | (and having verified nothing sneaks through before someone
           | gives consent) most company legal / compliance teams I have
           | worked with have deemed this to be a fully compliant setup.
           | Of course, this might not be actually compliant, but the
           | company legal team has done some research and arrived at this
           | as the most advantageous position currently available.
           | 
           | I think using a compliance based tool like Onetrust also
           | gives a sense of legal security in that if our configuration
           | is properly set up they are advertising that we then get
           | compliance as part of their service, and so responsibility of
           | a violation could potentially be passed to them in a legal
           | setting.
           | 
           | ref:
           | https://support.google.com/analytics/answer/2763052?hl=en
        
             | majewsky wrote:
             | > For many clients I have set up a cookie compliance tool
             | like Onetrust
             | 
             | Every time I've seen a cookie popup from Onetrust, it was
             | obviously illegal because "Reject all" was not the easiest
             | option. It's fine if "Accept all" is as easy as "Reject
             | all", but nothing is allowed to be easier than "Reject
             | all". Have they fixed that yet?
        
             | jeroenhd wrote:
             | I'm not so sure about your take on IP address anonymization.
             | The source states:
             | 
             |     The Italian SA found that the website operators using GA
             |     collected, via cookies, information on user interactions
             |     with the respective websites, visited pages and services
             |     on offer. The multifarious set of data collected in this
             |     connection included the user device IP address along
             |     with information on browser, operating system, screen
             |     resolution, selected language, date and time of page
             |     viewing. This information was found to be transferred to
             |     the USA. In determining that the processing was
             |     unlawful, the Italian SA reiterated that an IP address
             |     is a personal data and would not be anonymised even if
             |     it were truncated - given Google's capabilities to
             |     enrich such data through additional information it
             |     holds.
             | 
             | The Google documentation says:
             | 
             |     The IP-anonymization feature in Universal Analytics sets
             |     the last octet of IPv4 user IP addresses and the last 80
             |     bits of IPv6 addresses to zeros in memory shortly after
             |     being sent to Google Analytics.
             | 
             | IANAL but I'm pretty sure the IP anonymization setting is
             | no longer an acceptable way of getting GDPR compliance. It
             | may have been acceptable under Austrian or French ruling
             | before, I don't know about those, but from 90 days from now
             | you'll have to explicitly require consent for _at least_
             | all Italian users.
             | 
             | As a side note, OneTrust has the worst of the worst cookie
             | banners, to the point that I no longer even open websites
             | that have that crap installed. It's also illegal by making
             | it harder to reject tracking than to opt-in, there just
             | haven't been any specific lawsuits about this party yet.
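
The truncation quoted from the Google documentation above, applied on a first-party proxy before a hit leaves your own infrastructure (the placement lmkg describes), as an added example that is not part of the thread or Google's code. Function names are hypothetical and the sample addresses are constructed from documentation ranges; `residual_candidates` shows how many addresses still share one masked value.

```python
import ipaddress

# Bits zeroed by the truncation quoted above: the last octet of an IPv4
# address (8 bits) and the last 80 bits of an IPv6 address.
ZEROED_BITS = {4: 8, 6: 80}


def _parse(raw):
    """Parse one textual address.

    IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) are unwrapped first, so they
    get the IPv4 rule instead of being zeroed down to "::".
    """
    addr = ipaddress.ip_address(raw.strip())
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def mask_ip(raw):
    """Return the address with its low-order bits set to zero."""
    addr = _parse(raw)
    keep = addr.max_prefixlen - ZEROED_BITS[addr.version]
    net = ipaddress.ip_network(f"{addr}/{keep}", strict=False)
    return str(net.network_address)


def residual_candidates(raw):
    """Number of distinct addresses that map to the same masked value."""
    return 2 ** ZEROED_BITS[_parse(raw).version]


def mask_forwarded_for(header):
    """Mask every hop of an X-Forwarded-For style list.

    Entries that do not parse as an IP address are dropped rather than
    forwarded, so a malformed hop cannot carry a full address through.
    """
    masked = []
    for hop in header.split(","):
        try:
            masked.append(mask_ip(hop))
        except ValueError:
            continue
    return ", ".join(masked)


if __name__ == "__main__":
    # Constructed sample values (RFC 5737 / RFC 3849 documentation ranges).
    samples = [
        "192.0.2.123",
        "2001:db8:1234:5678:9abc:def0:1234:5678",
        "::ffff:192.0.2.123",
    ]
    for s in samples:
        print(s, "->", mask_ip(s), "candidates:", residual_candidates(s))
    print(mask_forwarded_for("192.0.2.123, not-an-ip, 2001:db8:1234:5678::1"))
```

An IPv4 hit masked this way is still one of only 256 candidates, and the browser, operating system, screen resolution and language fields listed in the decision travel alongside it unchanged.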
        
           | closewith wrote:
           | That's a very common implementation of serverside GTM/GA in
           | the EU. If you advertise, you'll still be sending GCLIDs,
           | though.
        
             | Nextgrid wrote:
             | If only ad clicks send back tracking parameters (and
             | nothing else) it might actually fall into legitimate
             | interest.
        
               | closewith wrote:
               | The current issue isn't the lawful basis for the
               | processing, as compliant companies already only use
               | Google Analytics once they have consent. The issue is
               | that without an adequacy decision from the EU to allow
               | data transfers to the US, and with the global reach of US
               | authorities thanks to the CLOUD Act, there's no way to
               | keep personal data safe from US law enforcement.
        
         | [deleted]
        
         | clairity wrote:
         | i'd support any legislation that booted google, fb, ms, adobe,
         | salesforce, and a whole host of other surveillance tech
         | companies from any and all levels of government. it's literally
         | as important as the separation of church and state. in fact,
         | i'd love to see a constitutional amendment explicitly
         | separating corporate interests from governmental ones, in all
         | facets of civic life (e.g., campaign finance).
        
           | hulitu wrote:
           | They tried with the church and did not succeed. Why do you
           | think they can succeed with SW.
        
           | saiya-jin wrote:
           | Not only state... I see absolutely 0 reason for my swiss
           | ebanking in the secured web interface to see google analytics
           | and similar trackers. I can clearly see them being blocked by
           | the likes of ublock origin and ghostery in my firefox. Why
           | the f*k should google know where I go in such private matters
           | (and there are tons more, ie if you are lgbtq+ in one of the
           | many restrictive locations, have some less mainstream
           | political preferences etc.). The data once acquired have no
           | reason to be deleted, ever. Too juicy info, and 7 billion
           | humans is not that large group to aspire to track.
           | 
           | I get why google et al want it for their growth/sales, but
           | they are a private entity not owning internet in any way,
           | extremely foreign to Europe with no clear friendly
           | intentions. One of few times I can say I am proud to be
           | living on old continent.
        
             | clairity wrote:
             | exactly, we need to decentralize power, and knowledge
             | (information) is power. it seems innocuous when we each
             | leak a little here and there, but surveillance tech is
             | vacuuming up every tiny bit of it.
             | 
             | living in europe doesn't much matter, given the reach of
             | these companies and their interweaving into government
             | systems, along with reciprocal surveillance agreements
             | (however-many-eyes countries).
        
           | adamrezich wrote:
           | > in fact, i'd love to see a constitutional amendment
           | explicitly separating corporate interests from governmental
           | ones
           | 
           | I don't think you comprehend the scope of what you're
           | suggesting.
           | 
           | I work for a school district and I'm currently migrating our
           | system from using one commercial bus routing service to
           | another... using Windows, SQL Server, Teams, etc. from
           | Microsoft... using a laptop, dock, three monitors, keyboard,
           | and mouse from HP... and today the elevator was broken so we
           | called a repair company to come fix it... oh, and some
           | company makes the school buses, and the networked phone on my
           | desk, and the printer around the corner, and all of the paper
           | in it... the fluorescent bulbs above me don't grow on
           | trees...
           | 
           | you can't just expect governments, even at the national
           | level, to roll their own _everything_ without interfacing
           | with corporations in any way--this is a hopelessly naive view
           | of the world. I am just as uncomfortable as you are with data
           | being shared with corporations, but you're going to have to
           | figure out a more realistic set of political goals than what
           | you've outlined here.
        
             | clairity wrote:
             | it's not really aimed at governments, so much as
             | corporations that feel entitled to sneak in ancillary
             | interests into their products, like surveilling the public.
             | basically, it's to force companies like microsoft to remove
             | all that other shit and provide just the core software, if
             | they want access to government largess. this has beneficial
             | externalities for us, the residents of said governments.
        
               | adamrezich wrote:
               | sure, and like I said, I agree completely. but you can't
               | just say "i'd love to see a constitutional amendment
               | explicitly separating corporate interests from
               | governmental ones", unless you're proposing that all
               | corporations should be state-owned and -operated, and
               | that's not really a viable solution, plus it introduces a
               | whole host of other problems.
               | 
               | but even if you just mean to say "government should not
               | share citizens' data with corporations", well, there are
               | presently two (until our license with one is up at the
               | end of summer) separate corporations that both know where
               | every kid in my school district lives, what their special
               | ed needs are, what their parents' names are, what their
               | parents' contact information is, if they live between
               | multiple households, and so forth, because that is the
               | explicit purchase of their business, and that's why we
               | purchased their software. the same goes for another piece
               | of SaaS we recently purchased a license to involving food
               | service management for the school system. when designing
               | the data export we opted to not follow the part of the
               | schema that wants SSNs for the students (because why
               | would they need that?!), but that might not be the case
               | for other districts using the same software.
               | 
               | my point is there are a lot more interconnected corporate
               | software services sharing citizen data at play in
               | contemporary government systems than you probably think,
               | and, once again, even though I agree with your position
               | with regards to sharing citizen data with corporations...
               | I think that ship might've pretty much sailed sometime in
               | the past few decades.
        
               | clairity wrote:
               | i wrote a few sentences on a large civic concept, not a
               | treatise, so let's not jump to ideological conclusions
               | quite yet.
               | 
               | but yes, i'm explicitly against governments sharing
               | private data with corporations, no matter how convenient
               | it might seem to be for workers. governments have run for
               | centuries without those conveniences, so it's not a
               | dichotomous choice of share all the data or not have
               | schools (for instance). a lot of data sharing is driven
               | by the misguided desire to control (that is, to
               | centralize power), whether it be teachers, students, or
               | administrators, not for actual educational outcomes,
               | despite the latter being the nominal impetus.
        
               | adamrezich wrote:
               | > a lot of data sharing is driven by the misguided desire
               | to control (that is, to centralize power), whether it be
               | teachers, students, or administrators, not for actual
               | educational outcomes, despite the latter being the
               | nominal impetus.
               | 
               | I have yet to see this occur. instead, it's all about
               | bureaucratic convenience. why hire more people for
               | Student Transportation to keep bus routes straight, and
               | deal with printing out & distributing paper passenger
               | lists to bus drivers, etc. etc., when you could use a
               | piece of software to handle it all for you? nobody at the
               | bureaucratic levels we're talking about here cares about
               | hoarding personal information for power or centralization
               | or anything like that, it's purely for convenience and
               | streamlining of bureaucracy.
               | 
               | one might say, ok, sure, but why does it have to be a
               | third-party SaaS that you're SFTPing data back and forth
               | with, why can't it just be a traditional piece of
               | software that you install and manage locally? again:
               | convenience, for all involved. that's one less thing for
               | our sysadmins to worry about dealing with, and when you
               | get enough of these things then you'll need to hire and
               | retain more sysadmins (who we're frequently cycling
               | through as is due to failure to compete with corporate
               | salaries). the software developers of the third-party bus
               | routing software don't have to worry about platform
               | compatibility if the platform they're targeting is the
               | web. parents can easily log into the website to see their
               | child's bus routes and if they're delayed or whatever
               | (apparently this is a real thing real parents demand...).
               | but also, hey, we're already using Office 365, so "what's
               | a few more SaaS solutions to problems we have, at this
               | point?"
               | 
               | what I'm getting at here is the rise of SaaS and the fall
               | of self-hosted solutions to things like this is pervasive
               | everywhere in the corporate world, so if you don't want
               | your tax money "wasted" on even keeping school district
               | student data in-house and secure, this is the world we
               | have to live with now. I'm not saying it doesn't suck
               | ass, another piece of software we replaced is all
               | web-based (albeit locally-hosted) and strictly inferior to
               | the end-of-life Java-based software it is replacing.
               | software kinda just keeps getting worse, and the further
               | stratification of everything into SaaS is definitely not
               | good in the long run. but... that's the current state of
               | things everywhere, so why should government be any
               | different?
               | 
               | if this bothers you about public schooling in particular,
               | then the solution (which I'll likely be doing, but not
               | for this reason) is homeschooling your kids. then their
               | data is only stored in the district database and only
               | transmitted to and from the state and local governments,
               | for reporting purposes.
               | 
               | but more broadly speaking, what's the use in calling out
               | governments transmitting personal information to
               | corporations when corporations are already taking so much
               | of your data themselves? I bought my fiancee a hat with a
               | soda logo on it last week and she was getting ads for
               | that specific soda the next day. how it happened, I have
               | no idea. shortly after I moved back to my hometown, I
               | picked up some groceries for my mom _using her credit
               | card_, including a can of Red Bull I got for myself, the
               | first I'd had in months. later that day, ad for Red Bull
               | on my social feeds, first I'd seen... in months. whenever
               | I buy booze, I get (different) booze ads on Twitter for
               | days--when I don't buy any booze for awhile, the ads
               | stop.
               | 
               | there's already so much personal information being
               | trafficked between corporations everywhere without our
               | consent, what makes the government sending it to
               | corporations for legitimate purposes so specifically
               | offensive? maybe I'm being too cynical but it seems like
               | the genie's just kind of out of the bottle now for
               | personal data in general. TFA is sticking a finger in one
               | of many finger-sized holes in the hull of a ship which is
               | sinking mostly not due to the finger-sized holes but to
               | the person-sized ones that we're just kinda ignoring.
        
           | dragonwriter wrote:
           | > i'd love to see a constitutional amendment explicitly
           | separating corporate interests from governmental ones
           | 
           | How is that possible, since corporations are, by definition,
           | creations of government through law?
        
             | clairity wrote:
             | i mean, that's like asking how is it possible to
             | compartmentalize anything. as elaborated elsewhere, it
             | isn't about literally separating all interests, just those
             | that harm the public. it's about removing the negative
             | externalities that companies like google impose on us via
             | such government contracts.
        
               | ta_5628952 wrote:
               | > just those that harm the public
               | 
               | But it's not that simple. What harms the public? Many
               | would argue being able to use data google collects
               | (legally through subpoenas or grey-legally through any of
               | the number reports that have come out since Snowden)
               | helps government agencies by increasing public security--
               | thus the opposite of harm. Being
        
               | clairity wrote:
               | in that case, it's pretty simple. the snowden leaks
               | elucidated the government's desire to create a
               | surveillance state with the help of corporations, not
               | that a surveillance state would be a net-good for
               | society.
        
           | skrebbel wrote:
           | FWIW I think the "church and state" analogy is genius, it
           | totally resonated with me. I'm going to steal that!
        
           | abarwick wrote:
           | This is just naive. Government offices/agencies are so
           | tightly coupled with packages like office 365 that forcefully
           | separating them would require home built solutions which
           | would always be terrible, less secure, and more expensive to
           | the tax payer. There's a lot of good these products can
           | provide, granted they are properly audited and have high
           | security requirements.
        
             | einpoklum wrote:
             | > are so tightly coupled with packages like office 365
             | 
             | Are they though? Do you know this for a fact? I mean, sure,
             | MS Office is very popular in government settings, but does
             | this really go beyond the possibility of just replacing it
             | with LibreOffice if they so decided?
        
               | TurningCanadian wrote:
               | Sharing a link to a document that others can edit in the
               | cloud is much more convenient than emailing around a
               | _final_v3(2).docx document.
        
               | abarwick wrote:
               | I obviously can't speak for all, even most, but back in
               | my consulting days I can say the many US federal and
               | state agencies use Azure AD and a litany of AWS services
               | that are core to vital work streams. Enough that having
               | to shut them down would neuter the department.
        
             | daniel-cussen wrote:
             | Russia has that. Just typewriters and stationery.
        
             | jcelerier wrote:
             | Idk here in France there are cities and state-wide
             | administrations with free/libre stacks based on Linux,
             | LibreOffice, Zimbra and others and things seem to
             | JustWork(tm). For instance the French Gendarmerie, the
             | cities of Rennes and Arles...
        
               | spoonjim wrote:
               | Are there any high functioning large companies that use
               | Linux/LibreOffice/Zimbra? I suppose governments rarely
               | aspire to be high functioning.
        
               | pyrale wrote:
               | Arles is getting suckered by Microsoft, sadly [1].
               | Unfortunately all it takes is one idiot to get in office
               | once to kill this kind of successful initiative that has
               | been running for almost two decades.
               | 
               | [1]: https://larlesienne.info/2022/02/22/la-municipalite-de-carol...
        
             | clairity wrote:
             | ah, the _ad hominem_, never a good sign for the proceeding
             | argument.
             | 
             | there are a number of other office suites that are entirely
             | adequate for bureaucratic organizations to build methodical
             | processes around (which is what bureaucracies do). the
             | capabilities of the underlying tools don't matter much in
             | this regard.
             | 
             | also, audits aren't meant to prove anything (like
             | security), but instead to shift liability.
        
               | scarface74 wrote:
               | The average large organization uses over 100 SaaS
               | products
               | 
               | https://www.statista.com/statistics/1233538/average-number-s...
               | 
               | I would love to see you replace all 100 of those with
               | open source software.
               | 
               | Have you ever dealt with large technology migrations?
        
               | quantum_magpie wrote:
               | And if no one does anything, in 5 years it will be a
               | 1000, in 10 years 5000. As it is right now, the only
               | voice governments hear is that of corpos, and corpos want
               | to preserve the influence of corpos. That's why we need
               | to force the ban on corpo influence. I'd rather pay 1%
               | gdp for a one-time migration to open and free software
               | than pay .01% gdp per corp per year.
        
               | scarface74 wrote:
               | Are you going to also train staff to use the new open
               | source software? Where is the open source SalesForce
               | equivalent? Workday? Concur? Device management? Email
               | service? ServiceNow? Time tracking? Photoshop? Are you
               | going to also force every employee to use Linux instead
               | of Mac and Windows? Are you going to tell them to rewrite
               | all of their software and business processes written on
               | top of Oracle and SQL Server? Should they also rewrite
               | all of their bespoke mobile apps to support open source
               | mobile operating systems? Are you going to migrate all of
               | their Office documents and SharePoint? Are they going to
               | move all of their project management processes from
               | Microsoft Azure DevOps (aka Visual Studio Online)? Are
               | they going to move all of their call center software to
               | open source? For school systems are they going to move
               | their fuel procurement software? Many education systems
               | are partially funded by the lottery. Are they going to
               | move their backend systems from GTech? Their lunch
               | programs payment systems for students use a third party,
               | are they going to move that too? Their ATS? LMS? Grade
               | tracking software?
        
               | abarwick wrote:
               | Simply training government workers to use open source
               | tools would shut down governments for weeks.
        
               | rapind wrote:
               | 100 SaaS products in one org sounds like a security and
               | logistics nightmare.
        
               | [deleted]
        
               | clairity wrote:
               | not sure that it's relevant and 'large' is subjective,
               | but yes, i stewarded the technology migration of a core
               | product suite for a prior employer, which incidentally
               | had government agencies as a prominent customer segment.
               | 
               | i'm not suggesting that governments can only use
               | internally developed or open-source software, i'm saying
               | corporate interests should be firewalled away from
               | government. so a locally-installed office suite
               | incorporating no surveillance tech doesn't have the
               | ancillary corporate interests attached to qualify it for
               | being firewalled.
        
               | scarface74 wrote:
               | You migrated _a_ product. Were you involved in migrating
               | the _entire_ infrastructure of an entire state?
               | 
               | Yes, I speak from experience, migrations and
               | modernizations are kind of my job.
        
               | [deleted]
        
               | throw827474737 wrote:
               | so just assuming you have an overpriced stinking pile of
               | sh*t, is this an argument to stay with it forever?
        
               | scarface74 wrote:
               | So do you think open source or the government producing
               | their own software will be better?
        
               | Jcowell wrote:
               | > ah, the ad hominem, never a good sign for the
               | proceeding argument.
               | 
               | GP never says that _you're_ naive, but the comment was.
        
               | clairity wrote:
               | either way (intent can also be multi-modal), it signals a
               | triggered response and is entirely superfluous and
               | distracting. it's worth setting that aside, even after
               | writing it, and examining the emotional underpinnings
               | that led to the response in the first place. we learn a
               | lot about our own subconsciousness that way.
        
               | ska wrote:
               | >, ... it signals a triggered response
               | 
               | This is, at best, a stretch.
        
               | simonswords82 wrote:
               | I have no idea what it is you're trying to say but I did
               | laugh that your username is clarity! :)
        
               | clairity wrote:
               | excellent, my diabolical plan to rule the world via dry
               | humor is working as designed.
        
               | mmanfrin wrote:
               | > ah, the ad hominem, never a good sign for the
               | proceeding argument.
               | 
               | An ad hominem means using an insult _as the basis for
               | rejecting an argument_, e.g. 'that is wrong because you
               | are [attack]'. Saying an argument is naive and then
               | explaining why is not an ad hominem.
        
               | clairity wrote:
               | arguments can have multiple lines of reasoning, one of
               | which can be an _ad hominem_ all by itself.
        
               | lovich wrote:
               | A car has multiple parts, but it's still difficult to use
               | if you only use/look at each one separately
        
               | clairity wrote:
               | if you look carefully, the 3 sentences are disconnected.
               | they don't form a line of reasoning.
               | 
               | if it had been starter, engine, and transmission, maybe
               | you'd have a point, but instead it's corroded battery,
               | door handle, and tailpipe.
        
               | lovich wrote:
               | I looked at it carefully, and I'm not seeing what you're
               | seeing unfortunately. I interpreted the naive comment as
               | a separate summary of their opinion, and then the rest of
               | the paragraph was the supporting explanation. He didn't
               | dismiss the idea because it was naive, it's the reason it
               | is naive is why he was saying it wouldn't work
        
               | robertlagrant wrote:
               | None of it was ad hominem.
        
               | wutbrodo wrote:
               | None of the lines of reasoning were an ad hominem. From
               | your other comment[1], it seems like you think "ad
               | hominem" just means "being rude to someone". I recommend
               | reading the GP comment's description of ad hominem again:
               | it means making a logical argument that depends on the
               | speaker's personal characteristics.
               | 
               | "You're European, so your argument is biased and wrong"
               | is an ad hominem. "Your argument is naive, here's why I
               | think that" is not. The latter is logically downstream of
               | the argument, while the former is upstream.
               | 
               | [1] https://news.ycombinator.com/item?id=31854644
        
               | clairity wrote:
               | no, an _ad hominem_ need not be literal. do you really
               | not understand nuance in language? we're not computers
               | operating only on singular data and deterministic
               | instructions.
               | 
               | see how those three sentences go together? that's a line
               | of reasoning. the subject comment doesn't have that
               | throughline. it's disjointed; the parts are only
               | tangentially connected.
        
             | Terry_Roll wrote:
             | Rubbish, there has been a concerted effort by the US to
             | undermine other countries including so called NATO allies
             | in order to dominate the world, it's been going on for
             | decades.
             | 
             | I refuse to use the NHS here in the UK because of the
             | widespread use of Microsoft everywhere.
        
             | alsetmusic wrote:
             | I didn't read it as government can't use commercial
             | products. Just that the corps couldn't influence politics.
             | But I'm not the OP, so I can't speak to what was intended.
        
               | scale8 wrote:
               | More around the storing of data. This is why Scale8.com
               | is on EU servers...
        
             | throw827474737 wrote:
             | less secure? can it get worse than ms, outlook and active
             | directory foo? they incepted their own industry around
             | their insecurity, lol.
             | 
             | terrible and more expensive is also a joke, but not as big,
             | you still could go to ibm or oracle if you want to pay
             | more for less, admitted
        
             | itronitron wrote:
             | Most developed countries have several offices/agencies that
             | already run 'home built' solutions, they just don't get
             | talked about much.
        
               | [deleted]
        
               | jacquesm wrote:
               | They get talked about incessantly at the local Microsoft
               | HQ.
        
             | sam0x17 wrote:
             | Sounds like it would create jobs too, that's a plus not a
             | minus lol
        
               | tvink wrote:
               | "Creating jobs" to inefficiently solve a solved task is
               | not a good thing, it is society burning its tax income.
               | It is only good to create jobs when the output of those
               | jobs is increased value.
        
               | the_other wrote:
               | Slowing the flow of money out of the public purse and
               | into a very small number of barely accountable global
               | megacorps and private equity funds, whilst improving the
               | employment prospects of the local population, sounds like
               | it's worth the cost of repeat work.
               | 
               | Also, nature loves a bit of redundancy. And capitalism
               | loves competition. You can't have competition under a
               | monopoly.
        
               | cscurmudgeon wrote:
               | > . And capitalism loves competition. You can't have
               | competition under a monopoly.
               | 
               | And the govt. is the biggest monopoly of all.
               | 
               | Somehow, restrictions against US firms are praised but if
               | US imposes restrictions that is condemned (e.g. TikTok).
        
               | tildef wrote:
               | > Somehow, restrictions against US firms are praised
               | 
               | By whom?
               | 
               | > if US imposes restrictions that is condemned (e.g.
               | TikTok).
               | 
               | By whom?
        
           | majormajor wrote:
           | How far does "separating corporate interests from
           | governmental ones" go?
           | 
           | Can the government purchase a car? Hire a private corporation
           | to build a road? Hire a consulting company to check the
           | security of their (now-free-and-without-a-support-contract
           | FOSS?) computer setup?
        
             | clairity wrote:
             | where to draw the line is a fair question in any policy
             | debate, and one i'd expect to draw plenty of lively
             | discussion. it's pretty clear to me that surveillance tech
             | is on the outside of that line, but i'm open to reasonable
             | arguments otherwise.
        
             | Noughmad wrote:
             | It's actually quite simple. The government can buy things
             | or services from specific providers, but it cannot force you
             | to buy services from specific providers. In other words, it
             | can buy BMWs for government use, but it cannot say "you
             | have to buy a BMW to enter the municipal office".
             | 
             | The same applies to websites. If a government website uses
             | Google analytics, it is essentially requiring you to do
             | business with a specific company (in this case Google) in
             | order to use a government service.
        
               | inlined wrote:
               | And if the government uses Cloudflare or GoDaddy or aws
               | it's requiring you to do business with those companies.
               | This goal is impossible to achieve with any government
               | run service.
        
               | killjoywashere wrote:
               | > cannot force you to buy services from specific
               | providers
               | 
               | But government can impose requirements, like TAA
               | compliance (1) and SHB requirements (2) on its service
               | vendors, forcing those vendors to purchase from a fairly
               | constrained number of hardware providers.
               | 
               | https://www.dtra.mil/Portals/61/Documents/Business%20Docs
               | /ev...
               | 
               | https://www.afcea.org/site/sites/default/files/files/2-Co
               | lLi...
        
               | Arainach wrote:
               | If the government takes your data and runs an analysis on
               | an old IBM mainframe, are they forcing you to do business
               | with IBM?
        
               | Phrodo_00 wrote:
               | Is this a bad faith argument? I can't see how the
               | difference of google having the data vs the government
               | (or whatever entity you interacted directly with) is so
               | easy to miss.
        
               | l33t2328 wrote:
               | Can the government own a BMW bus?
        
               | feet wrote:
               | The gov is forcing me to pay the crony corporations
               | through taxing me
        
               | jollybean wrote:
               | This analogy does not apply.
               | 
               | The gov. is using some service and therefore some citizen
               | data is subject to the T&C's and that's it.
               | 
               | If Google were a German or UK company it would be the
               | same thing - everyone subject to those T&C's.
        
               | wutbrodo wrote:
               | Could you expand on the definition of "doing business
               | with" an entity that you're using here? It seems quite
               | non-standard.
               | 
               | If you open the door to a govt office, are you doing
               | business with the company who installed the doors? If you
               | use the toilet, are you doing business with the company
               | that janitorial services are contracted out to?
        
               | Levitz wrote:
               | No, when you leave that govt office you don't have any
               | link to those companies.
               | 
               | When you visit a site with Google Analytics, they still
               | have your data after you leave.
        
         | 1vuio0pswjnm7 wrote:
         | Here are the URLs for those who disable Javascript (from
         | https://github.com/PostHog/isgoogleanalyticsillegal.com)
         | 
         | https://gdprhub.eu/index.php?title=DSB_(Austria_-_2021-0.586...
         | 
         | https://www.cnil.fr/en/use-google-analytics-and-data-transfe...
         | 
         | https://www.gpdp.it/web/guest/home/docweb/-/docweb-display/d...
         | 
         | https://noyb.eu/en/austrian-dsb-eu-us-data-transfers-google-...
         | 
         | NOYB is the primary source tracking these cases and generally
         | was also responsible for filing the complaints that led to
         | them. All the details are available from NOYB's GDPRhub wiki,
         | https://gdprhub.eu. GDPRhub attempts to provide information on
         | all the European DPAs including how to file complaints. At the
         | least it provides contact info for all the DPAs and English
         | translations of DPA decisions.
         | 
         | As stated in the 13 Jan 2022 announcement on noyb.eu, these
         | decisions are generally the result of the "Max Schrems II"
         | decision. After that decision, Schrems filed 101 complaints to
         | DPAs, and now the chickens are coming home to roost.
         | 
         | Note that the "legality" of Google Fonts, under the default
         | configuration, is also in question. Arguably use of Google
         | Fonts is even more widespread than use of Google Analytics.
        
         | digitalengineer wrote:
         | Some time ago Google gave EU admins the option to select a
         | local regional (EU) server. This means the data is not sent to
         | the US. But! It's still not fully legal as the Google HQ (and
         | thus the US government) can still access all the data.
        
           | googlryas wrote:
           | Why is that not fully legal? Wouldn't the same law prevent
           | Google USA from querying PII data from Google Italia?
        
             | digitalengineer wrote:
             | If Google US can access the data, that means the US
             | government by extension can also. This is exactly what GDPR
             | doesn't want happening. More details in this open letter by
             | Max Schrems: "the Court has clearly held that US
             | surveillance laws and practices violate Article 7, 8 and 47
             | of the Charter of Fundamental Rights"
             | https://noyb.eu/en/open-letter-future-eu-us-data-transfers
        
             | marcosdumay wrote:
             | Italian laws do not apply to Google USA.
        
               | lovich wrote:
               | The Italian market doesn't have to apply to Google USA
               | either.
               | 
               | Companies can always choose to ignore a specific nation's
               | laws[1], they don't still get access to that nation's
               | markets. At the borders the nation state is the one with
               | the guns and firewalls
               | 
               | [1] unless you piss off a nation that can project global
               | power, lol if you piss off China or America
        
               | connicpu wrote:
               | But someone will have to foot the bill when their branch
               | in Italy is fined by the government for violating Italian
               | law
        
               | googlryas wrote:
               | Not generally, but they do apply to Google Italia, who
               | would not legally be allowed to respond to requests from
               | Google USA for European PII.
        
           | kixiQu wrote:
           | if anyone is curious about why that gives the govt. access:
           | 
           | https://en.wikipedia.org/wiki/CLOUD_Act
           | 
           | (God willing they repeal it, _even_ if only for the
           | international commerce implications...)
        
         | [deleted]
        
         | mro_name wrote:
         | yeah, like 'swimming pools only bear a danger of drowning when
         | wet'.
        
           | rightbyte wrote:
           | Empty pools are probably more dangerous.
        
             | Forge36 wrote:
             | I hear they attract skaters.
        
           | hnarn wrote:
           | That analogy makes no sense at all.
        
       | yrgulation wrote:
       | Time to get off my arse and write a self hosted privacy oriented
       | analytics tool. Whatever happened to awstats. The question is -
       | how to monetise on it?
        
       | tqi wrote:
       | 2008-2018: Banking reform
       | 
       | 2018-202?: Data privacy
       | 
       | I wonder what the next trendy thing government officials will
       | pretend to care about/fix in order to garner media attention.
       | Something crypto related, maybe?
        
       | scale8 wrote:
       | This is why we built Scale8.com !
       | 
       | An open-source and privacy-friendly alternative to Google
       | Analytics & Google Tag Manager :)
       | 
       | GA is simply not compliant...
       | 
       | https://scale8.com/blog/is-ga-gdpr-compliant/
        
       | tannhaeuser wrote:
       | Well HN, how about a badge for links indicating whether it uses
       | ga? We have to start somewhere don't we? Or we'll continue to see
       | the web decline. Actually, from my PoV, it might be too late
       | already. Maybe it's just me or people in EU being harassed with
       | banner popups, but I hardly go to any link anymore, and so do
       | many other people I know. It's just not worth it.
        
         | ronsor wrote:
         | I'm an American, but I occasionally use an EU VPN. I don't
         | understand how EU residents can tolerate the number of
         | cookie/privacy/GDPR/whatever popups every site has, even on the
         | sites of EU companies.
        
           | iLoveOncall wrote:
           | We don't. Outside of a few greybeards the vast majority of
           | the population would gladly send all of their data including
           | dick pics and credit card numbers to remove those popups.
           | 
           | The law was absolutely useless because 99% of the websites
           | have an illegal implementation and still added a major
           | annoyance in the form of the popup / banner.
        
           | jokethrowaway wrote:
           | We Europeans are generally used to doing whatever the
           | government tells us.
           | 
           | We don't have the same culture as Americans.
           | 
           | Don't get me wrong, you had a pretty bad deal as well:
           | without much fanfare, your government grew up so much in the
           | last 200 years that it became the largest employer in the
           | world. You pay loads of taxes (even more than several EU
           | countries) and get very little benefits.
           | 
           | And yet, I'm sure that if we will get to a political solution
           | to the ever-growing cancers that governments are, that
           | solution is more likely to appear in the states than in
           | Europe.
           | 
           | Europe is a hopeless - albeit beautiful - land. The people
           | gave up change 50 years ago.
        
             | tannhaeuser wrote:
             | Err, just to avoid further misunderstanding: I'm pro-GDPR
             | ;) and think it's right to confront users with the hydra
             | behind the crap on the web. What I think has destroyed the
             | web is attention economy, monopolies, the race to the
             | bottom, and lack of incentive for quality content.
             | 
             | Agree though that Europeans could do with more
             | libertarianism and less trust in state; it's something
             | that's been a big issue for me since at least CoVid
             | hysteria.
        
           | [deleted]
        
         | butterNaN wrote:
         | A bit of an individualist solution but you can block it with
         | NoScript on your browser
        
       | de6u99er wrote:
       | 15 years ago Google Analytics was cool. But at some point Google
       | ditched the "Don't be evil" culture and tried to get as much out
       | of Google Analytics for themselves, that it became unethical.
       | 
       | As long as they haven't died ...
        
       | olalonde wrote:
       | I wish GDPR compliance would have been opt-in. For example, a
       | GDPR compliant website could have sent a custom header indicating
       | compliance, which the browser could have displayed in the address
       | bar (a bit like HTTPS). Consumers would then have been free to
       | make the decision to not use websites which aren't GDPR compliant.
       | Consumers who are more concerned about privacy could have set
       | their browser to automatically block any non GDPR compliant
       | website.
        
         | eropple wrote:
         | _> Consumers who are more concerned about privacy could have
         | set their browser to automatically block any non GDPR compliant
         | website._
         | 
         | It may not be your intent, but defaults matter and what you're
         | wishing for here is de-facto scuttling of the GDPR.
        
           | olalonde wrote:
           | Are you implying that the vast majority of consumers aren't
           | concerned with their privacy and would keep using GDPR-
           | compliant websites? If that's the case, isn't the regulation
           | somewhat against the spirit of democracy?
        
             | peoplefromibiza wrote:
             | > Are you implying that the vast majority of consumers
             | aren't concerned with their privacy and would keep using
             | GDPR-compliant websites?
             | 
             | False premise.
             | 
             | Users simply aren't aware, but once they learn about it,
             | they become concerned.
             | 
             | > If that's the case, isn't the regulation somewhat against
             | the spirit of democracy?
             | 
             | That's a really weird argument.
             | 
             | Anyway, that's _not_ the case.
        
         | closewith wrote:
         | Bizarre idea. Should websites be allowed to opt out of anti-
         | fraud legislation? Anti-money laundering? Human rights
         | protections?
        
           | nnq wrote:
           | Yes? ...this was the original dream of non-national
           | cyberspace and we almost had a hope at getting it. Then the
           | second chance with web3 but this was also spoiled by people
           | getting too greedy and too nasty too fast.
           | 
           | A parallel anonymous-and-free-for-all-but-with-payments-
           | included, smth. like Tor-but-powered-by-IPFSv9-and-Etherv7,
           | will probably emerge in a couple decades done right after a
           | couple failed iterations. Some techs need hardware to catch
           | up to be cheap enough, and only after a few failed attempts
           | they manage to grow a trend... and it will probably last
           | until it's used to finance a proper starting of WW3 and by
           | then banning it will be too late.
           | 
           | Anyway, we'll enjoy the hell out of ourselves on the new
           | patreons-but-for-snuff-p03n, so it will all have been worth
           | it :)
        
             | peoplefromibiza wrote:
             | > this was the original dream of non-national cyberspace
             | 
             | cyberspace was about freeing the people and the flow of
             | information between people, not the corporations that silo
             | the data in their data centers for profit.
        
             | progman32 wrote:
             | I believe your argument simply boils down to "laws
             | shouldn't apply to people". Am I mistaken?
        
               | nnq wrote:
               | Besides the missed irony, I mean that _we need to have
               | and we'll inevitably have a separate internet layer /
               | set of protocols / etc. where information will be freely
               | broadcastable and exchangeable without enforcement of any
               | laws_. We de-facto have it now too, but it's practically
               | geek-only hence no real "broadcast" to masses of people
               | function can be achieved.
               | 
               | And that once such tech becomes usable by a large percent
               | of the general population (by eg. allowing "unsecure"
               | websites to "do anything") and we make the mistake to add
               | a truly functional and anonymous money transfer
               | technology to this layer of information tech, we're
               | royally screwed as a species.
               | 
               | I obviously don't want a lawless and free for all
               | regular/default internet because on the regular internet
               | we exchange real money and we have real identities. I'm
               | perfectly OK with having lawless layer of information
               | exchange and broadcasting (it's just a natural
               | generalization and globalization of "free speech" and I
               | think it's crucial for humanity) and even working to
               | making them usable by the general population, as long as
               | we don't allow any serious kind of money transfer and
               | commerce to happen through them. Eg. A psycho posting a
               | killing video once a decade is no biggie and would happen
               | anyway, let's at least enjoy it / groups of psycho
               | creating a market and industry for their "products", not
               | ok. Two random guys planning to meet to exchange some
               | guns for some money is no biggie and already happens
               | anyway; trading weapons on scales to supply real wars not
               | ok. Etc.
               | 
               | De-facto "having sites opt-out of anti-fraud legislation"
               | or of "human rights" protections is already happening,
               | and is less obvious because of the centralized nature of
               | our current internet. A less centralized internet will
               | just allow it to happen in the open in theory. Only it
               | won't because since they're already doing other more
               | serious illegal stuff and don't want to draw attention.
               | 
               | PP's "Bizarre idea. Should websites be allowed" thinking
               | was just funny and ridiculous at the same time: there's
               | nothing bizarre, things are already happening (naturally)
               | like this, and ofc it's happening discreetly (eg. having
               | telegram or other messaging app groups instead of http
               | websites but performing similar functions etc etc) and in
               | the silence bc ppl doing them do even more illegal stuff
               | and nobody wants attention from authority or ppl
               | concerned with morality ...and I couldn't help make fun
               | of it a bit. It's the kind of guys that argue against
               | free speech and yell the "but think of the kids" argument
               | at us all the time, and it's tiresome to have to trick
               | them all the time since reasoning with them doesn't
               | work...
               | 
               | So suggesting that maybe we should bring what's already
               | happening anyway in the open, base it on more open
               | standards technology, have it be indexable by search
               | engines etc. :P I'd rather have a legal:any flag that I
               | can add to a google search when I want to go off the
               | beaten track than to have to switch the program/protocol
               | I'm using (and the browser should make sure as hell I
               | don't leak my identity and don't pay for anything on such
               | unsafe sites), and _that's the crux of it, the browser
               | would know that a site is unsafe and needs total
               | sandboxing simply because the site owner has decided to
               | "opt out of the laws" - you realize that longer term when
               | s settles down it's a win win situation for everyone if
               | you just twist your mind out of the default narrative the
               | current tech-corporate establishment is brainwashing you
               | with..._
               | 
               | (Or the "let's make a decentralized and truly free
               | internet layer" into a real and usable thing... or the
               | crypto-crimies will beat us to it and do a version that
               | also has payments, generates obvious disasters/wars etc.,
               | and then is taken over by big gov and turned to a
               | totalitarian nightmare with social credit tracking extra
               | features" argument.)
        
               | progman32 wrote:
               | Thanks for clarifying your position.
        
           | olalonde wrote:
           | No, just GDPR? I don't see any valid reason a user might want
           | to "opt out" of anti-fraud legislation but I do see a reason
           | why a user might want to access the non-GDPR web.
        
             | peoplefromibiza wrote:
             | How would you write such a law?
             | 
             | You can't make exceptions based on what's convenient for
             | some business.
             | 
             | Why should GDPR be opt-in but not the consumer minimum
             | 2-year guarantee against faulty products?
             | 
             | > ? I don't see any valid reason a user might want to "opt
             | out" of anti-fraud legislation
             | 
             | To commit frauds, for example?
        
               | olalonde wrote:
               | > Why should GDPR be opt-in but not the consumer minimum
               | 2-year guarantee against faulty products?
               | 
               | I also believe that should be opt-in.
               | 
               | > To commit frauds, for example?
               | 
               | Fraud implies an unwilling party, a victim. Not
               | comparable at all to what I'm suggesting.
        
               | peoplefromibiza wrote:
               | > I also believe that should be opt-in.
               | 
               | But that is irrelevant, we European citizens are happy to
               | have it.
               | 
               | And actually fought to have it.
               | 
               | It's a consumer _protection_ law, what you want is
               | consumers with less or no protections.
               | 
               | > Fraud implies an unwilling party, a victim. Not
               | comparable at all to what I'm suggesting.
               | 
               | I'm quite sure the majority of users visiting a website
               | that hosts GA are giving away their data unwillingly.
               | 
               | Would you opt-in theft too?
        
               | olalonde wrote:
               | > It's a consumer protection law, what you want is
               | consumers with less or no protections.
               | 
               | Yes, indeed. I don't believe the government should
               | mandate specific protections consumers should receive,
               | because it just serves to reduce consumer options. And
               | this is also why I wish GDPR would have been opt in,
               | giving more options to consumers.
               | 
               | For example, in a world with no government mandated "2
               | year warranty", some manufacturers would offer a product
               | with "2 year warranty" and some other manufacturers would
               | offer the same product "without warranty", but at a lower
               | price.
               | 
               | Consumers would then be free to choose if they want to pay
               | the cheaper price without warranty or the higher price
               | with the warranty. There are two options for consumers in
               | this world whereas in the world with mandated warranty,
               | only the "higher price with warranty" option is
               | available.
               | 
               | It's the same with GDPR, GDPR compliance has a cost. Some
               | websites have started banning EU IPs for that reason.
               | 
               | Of course, the above assumes that consumers are not
               | misled and that transactions are voluntary. Therefore, I
               | do think there should be laws against fraud, theft,
               | misrepresentation, etc.
        
               | peoplefromibiza wrote:
               | > Yes, indeed. I don't believe the government should
               | mandate specific protections consumers should receive,
               | 
               | What you believe or not is completely irrelevant.
               | 
               | In my Country consumer protection is in the Constitution,
               | at article 41. [1]
               | 
               | So the government is duty bound to protect the consumers.
               | 
               | Thank God I was born here and not in olalonde-land.
               | 
               | [1] _Art. 41_
               | 
               |  _Private economic enterprise is free. It may not be
               | carried out against the common good or in a way that may
               | harm public security, liberty, or human dignity._
               | 
               |  _The law determines appropriate planning and controls so
               | that public and private economic activities may be
               | directed and coordinated towards social ends._
               | 
               | > "some manufacturers would offer a product with "2 year
               | warranty"
               | 
               | Or, realistically, all the manufacturers would offer zero
               | days warranty and only luxury brands would offer life-
               | long warranty to people who can afford their products
               | (e.g. less than 1% of the population).
               | 
               | Example: Apple, which is not exactly a cheap brand, only
               | offers one year warranty in the US, while it's 2 years
               | mandated by the law in EU.
        
               | olalonde wrote:
               | You have the extra year protection, but you are
               | (forcibly) paying for it.
               | 
               | iPhone 13 Pro USA price: 999$
               | 
               | iPhone 13 Pro Italy price: 1250$
               | 
               | PS: In the US, you could probably get that extra year of
               | warranty from Apple or from a third party (for like 20$).
               | But you don't _have to_.
        
               | peoplefromibiza wrote:
               | > You have the extra year protection, but you are paying
               | for it.
               | 
               | which anyone understands that is not the same thing.
               | 
               | You can also buy 2 of the same items for redundancy, I
               | wouldn't call it "warranty" though.
               | 
               | > iPhone 13 Pro USA price: 999$
               | 
               | > iPhone 13 Pro Italy price: 1250$
               | 
               | The price on Apple's U.S. online store website is before
               | taxes
               | 
               | But anyway that's a completely meaningless comparison:
               | 
               | Parmigiano Reggiano in Italy Euro ~10 / Kg
               | 
               | Parmigiano Reggiano in USA $ ~20 / pound AKA $ 44.4 / Kg
        
               | olalonde wrote:
               | Of course the price premium is not exclusively due to the
               | warranty (probably a good chunk of it is due to import
               | tariffs and taxes). But do we agree that increasing the
               | warranty period costs Apple more? Do we not agree that a
               | business will tend to increase the price of its product
               | when the cost of its product increases?
        
               | peoplefromibiza wrote:
               | > Do we agree that increasing the warranty period costs
               | Apple more?
               | 
               | I don't.
               | 
               | On the contrary, I believe they should thank us for
               | encouraging them to make better and more durable
               | products.
               | 
               | If I am spending 12 hundred euros on an electronic
               | device, the least the manufacturer can do is give me the
               | warranty that it won't break on its own before 2 years of
               | usage.
               | 
               | Anyway, Xiaomi makes perfectly valid products at 1/3 of
               | Apple prices.
               | 
               | Maybe it's not the 2-year warranty the issue here...
        
         | eulenteufel wrote:
         | The Venn diagram of the websites that have a Cookie-Popup
         | right now and the websites that would choose to not be GDPR-
         | compliant is a circle.
         | 
         | This change would mean most websites couldn't be used by privacy
         | conscious people anymore and that the websites in turn are free
         | to track the sh*t out of everyone else. From my perspective
         | that sounds a lot worse.
         | 
         | The web is a mandatory part of public life for most people by
         | now and it's good and healthy that corporations get push back
         | for not respecting privacy.
        
           | kmlx wrote:
           | > This change would mean most websites couldn't be used by
           | privacy conscious people anymore
           | 
           | wouldn't the market react?
        
       ___________________________________________________________________
       (page generated 2022-06-23 23:00 UTC)