You’re probably not GDPR / ePrivacy Directive compliant.
Even if you're using a Consent Management Platform (CMP).
Even if you paid for it.
Just dropped a new YouTube Shorts video that exposes what we’re calling Consent Theater – where most "compliant" consent solutions are silently loading trackers before you even click “accept.”
That’s a direct violation of the ePrivacy Directive in the EU (yes, even in the UK (PECR) and Norway (Ekomloven)).
Why are millions of businesses paying for tools to become compliant when they are not?
throwawayqqq11•6mo ago
Funny thing is, GDPR defines legal possession of personal data in two forms: The data is either strictly required for a service or business process (like a delivery address or payment info for an online order) or otherwise explicitly allowed by customers.
So, if you don't ask for or store personal information that is irrelevant for your business, you don't have to ask for consent at all. The customer's consent is implicit the moment they use the service with required information they have provided.
I assume most sites don't need that cookie banner theater unless they want to tap into the personalized ad revenue stream, which wants to collect as much PII as possible. The purpose of the theater is similar to the "I don't care and agree" ToS dialogues: people should get an easy way to wave away their rights for corporate profit maximization. Compliancy is secondary, imo.
VikingTechGuy•6mo ago