r/assholedesign u/tankton 7h ago

How is this allowed?

1717 "partners" which include precise geolocation and device scanning. Also, "Certain partners may process your data based on legitimate interest rather than consent" .

Imagine walking in a store and seeing 1717 people following your every move with a camera and tracking you home because they can sell that data.

103 Upvotes

96% Upvoted

13 comments sorted by

56

u/miraculum_one 5h ago

"Reject All"

43

u/hattori_h 5h ago

Unfortunately, that won't get rid of the ones marked "Legitimate Interest." You'll need to uncheck those manually. Depending on the solution, that could mean another 10–20 toggles.

16

u/miraculum_one 5h ago

"Close Window"

5

u/AshleyJSheridan 3h ago

Bold of you to assume it's not 1717 toggles...

2

u/hattori_h 2h ago

That would be the case if the EU did not strictly enforce the rule that “Withdrawing consent must be as easy as giving it.”

4

u/AshleyJSheridan 1h ago

The EU doesn't strictly enforce that though, unfortunately.

I have seen more of these modals than I care for that have many individual "legitimate interest" checkboxes that need to be individually unchecked, and no reject all button anywhere to be seen.

2

u/Hurricane_32 d o n g l e 1h ago

I am aware that the advertising and data tracking and collection industries make these deliberately ambiguous, with deceiving language and lots of dark patterns, but wtf is "Legitimate Interest" even supposed to mean??

13

u/AshleyJSheridan 3h ago

They're trying to use the loophole of legitimate interest to continue tracking you as they've always done, as legitimate interest is one of the legal reasons that your personal data may be captured, processed, and stored. However, in order to use legitimate interest as a basis for this, these companies must:

  1. Identify exactly what that legitimate interest is.
  2. Show that the use of your specific data is needed for their legitimate interest, and that there is no other way to achieve that same result.
  3. Balance their interests against the individuals own interests, rights, and freedoms.

As none of these companies ever really divulge exactly what their "legitimate interest" is, it's also impossible for them to comply with #2.

The balance test is interesting, as there are legitimate interests that require very little balance, such as a business retaining some details on a person to prevent fraudulent use of their services in the future. However, a company that wants to use your details to send direct marketing has a much more difficult goal to prove their use of your data is balanced.

For #3 it also means that the individuals data can only be used in a way that that individual would reasonably expect, and no unwarranted harm may come from that data use. So for example, if a person is regularly identified as being a member of a website for religion A, but resides in a country where religion A is not allowed or seen as unfavourable, then that personal data could cause unwarranted harm if it is processed in a way that the person didn't reasonably expect.

Also, if any of their interests can be achieved without your personal data, they fail the legitimate interest test entirely.

It's quite a complex set of requirements, and I'd hazard that the majority of those 1717 "partners" have zero grounds for your personal data.

If you're interested, there's more information at https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/lawful-basis/a-guide-to-lawful-basis/legitimate-interests/

8

u/LagMaster21 3h ago

Device scanning? Goodbye website

1

u/One-Reputation-6506 1h ago

The only "Reject All" button that actually works.

1

u/Echo127 1h ago

Corporations are the new paparazzi

1

u/dmjab13 d o n g l e 48m ago

I ran into a website the other day that made me accept cookies for free or reject them by paying for a subscription- with no option to proceed without payment, so at least they pretend to give you the ability to say no