Bulletproof privacy in one click
Discover the world's #1 privacy solution
Coming soon
Coming soon
Coming soon
General Data Protection Regulation (GDPR) was designed to give individuals greater protection and rights by altering the way in which organizations handle the data of those who interact with them online.
But, does it?
The reality is that there are so many GDPR issues that the regulation does very little to protect your identity and your personal data. There are three main GDPR issues:
1. GDPR cookie consent notices are often designed to have people accept all without thought;
2. Non-consent choices are often ignored;
3. Cookies are not the only tracking method used. Websites rely heavily on “browser fingerprinting” which is much more invasive and isn't covered by GDPR.
As it turns out, GDPR is not the hero it is hailed to be. GDPR is a failure.
Let's explore.
The GDPR data protection reforms came into effect across Europe on May 25, 2018, modernizing decades-old laws for the protection of personal information in the digital age.
The updated regulations are meant to strike a balance between the legitimate interests of businesses and protecting the fundamental rights and freedoms of individuals, particularly the right to protect their personal data.
The term “personal data” is a pretty broad scope, but according to GDPR Article 4, it means any information relating to an identified or identifiable person.
This can be a name, an identification number, location data, an online identifier, or even the physical, genetic, biometric, economic, cultural, or social identity of a person.
The rights of EU citizens under GDPR are also referred to as the eight “guarantees” or core user protections:
Every website and business providing a service to EU citizens and residents is responsible for facilitating these core protections. This is why every time you visit a website, you'll be asked to give your consent, allowing businesses to track your cookies, and store and/or share your data.
In theory, it puts the individual in control.
In theory, GDPR sounds like a good thing.
But in practice, it's a completely different story. Let's take a look at the GDPR issues.
GDPR failure of forced consent
One of the most obvious GDPR issues is that of consent. Although well-intended (as well as legally required), cookie consent windows, blocks, and banners have become little more than an everyday annoyance.
The often text-heavy, scrollable pages with countless checkboxes, pop up on almost every single website to ask the same basic question:
Do you consent to this website collecting your data?
We see it so often that it has become meaningless and few people ever actually read what they are consenting to. Be honest. How many times have you simply selected “Consent all” just to get rid of the box and get to the info you came for?
The truth is, that many consent boxes are specially designed to make you do just that.
The vast majority of banners are made by consent management platforms (CMP). These platforms often utilize tactics like the neverending array of options, confusing language, pre-ticked boxes, or “Accept all” buttons with a larger font or a brighter color.
Some even disguise the acceptance with a “This website uses cookies” statement with a simple “I understand” option. Clicking that can often mean inadvertently giving consent without your knowledge.
Basically, the more difficult it is to bypass the GDPR window, the more people are inclined to give consent and move on. But the question we should be asking ourselves is: is it really consent if it is manipulated?
GDPR ignores users' wishes
Even when a website's cookie window does provide simple and meaningful options to its users, their choices aren't always respected.
One study showed that from 508 analyzed websites that provided users with an opt-out choice, 39 of those sites still stored a positive consent result— even after a user explicitly refused. Not only can the website collect, store and use the data, but so too can hundreds of third-party advertisers.
The rights of EU citizens under GDPR are being ignored by using the very regulation that is meant to protect them. GDPR is used to blatantly disregard users' intent with on-page content such as videos.
Technically, browsers have restrictions that forbid websites to autoplay videos with sound when the user hasn't yet interacted with the page. Showing a GDPR banner forces the user to click on the page which constitutes an interaction, unlocking the ability of the site to play a video with sound.
GDPR issues with cookies: They are not the only tracking tool
Let's say every website provides a nice and neat, easy-to-read, 100% compliant GDPR window and that you do actually take the time to reject every single cookie tracker on every single website you visit…
You would like to think that in this case, your data would be safe, right?
Think again.
One of the main GDPR issues is that it gives internet users a false sense of security and privacy. When they reject the cookies from the GDPR window, they believe they won't be tracked. But websites use other methods of tracking such as fingerprinting, which not even a VPN can block.
Fingerprinting, also known as browser or device fingerprinting, is a term used to describe an “invisible” process of collecting information on an internet user via their browser. The data is gathered to build a unique identity (aka fingerprint) of that individual user across remote devices.
While fingerprinting has been championed as a means to detect and prevent identity theft and credit card fraud it also has a dark side that undermines the rights of EU citizens under GDPR.
Fingerprinting allows companies to get around the GDPR cookie blocks as it enables them to compile records of individuals' browsing histories and deliver targeted advertising even when that individual has chosen to avoid tracking or deleting their cookies.
Most people are not even aware that this process is being used, yet a study from 2020 found that more than a quarter of the top-10K websites are running fingerprinting scripts. Not taking digital fingerprinting into consideration is a massive GDPR failure that puts people's privacy at risk.
To sum up...all these GDPR issues make it a farce
The myriad of GDPR issues makes it an ineffective data protection tool. The banners are either designed to be ambiguous to manipulate users into giving consent or blatantly violate the laws with no way to reject all or simply by ignoring users' choices.
Although there have been fines for GDPR violations, there are hundreds of websites slipping through the net every day, taking your data with them. Plus, its current scope doesn't even take into consideration digital fingerprinting meaning the rights of EU citizens under GDPR are not protected at all.
Instead of trusting companies and third-party advertisers, consumers are seeing the light and turning to privacy tools and anti-tracking technology. Ad blockers, VPNs, privacy-focused email providers, and browsers are becoming more popular as they fill the gap that GDPR so sorely leaves behind.
But with the web landscape changing, that gap is only going to widen. If GDPR is failing us in web 2.0, then what hope do we have in web 3.0 and the Metaverse? READ MORE: Privacy In The Metaverse Is Uncertain In 2022
Ruby is a full-time writer covering everything from tech innovations to SaaS, Web 3, and blockchain technology. She is now turning her virtual pen to the world of data privacy and online anonymity.
Chapter 14: IoT Hacks
Dive into the unsettling world of government-controlled GPS tracking!
Trash Talk: How your garbage can be exploited by hackers, law enforcement, and government agencies
It’s time to uncover how government surveillance gets personal.
Discover the world's #1 privacy solution
Coming soon
Coming soon
Coming soon