This is factually incorrect. The "Cookie Directive" wasn't from 2003, it was an amendment to the ePrivacy Directive. The ePrivacy Directive came into effect in 2002, and it was amendend in 2009. That amendment is what…
This is not true. The national implementation of the ePrivacy Directive are still law. You are correct that GDPR does not require cookie banners, but the law that does was not replaced by GDPR and remains in effect.
The FTC has been begging the complain-for-profit sector to give it a formal path to regulate AI. The FTC's only enforcement hook in this area is that it can take action against companies that have unfair or deceptive…
It's very much how most privacy laws work. According to Revue's platform privacy policy[0], Revue processes subscriber emails as a data processor. Each newsletter publisher owns the email addresses of their respective…
You asked the wrong lawyers, at least for the US. The FTC's case against Sears in 2009 made it clear that consent to a privacy notice isn't valid if the privacy notice is buried deep in a licensing agreement, even if…
No. You need consent to store data on an end user's machine, regardless of whether you later track that data or not, unless such storage is strictly necessary for the operation of service explicitly requested by the…
You're wrong. The ePrivacy Directive does require that a website get consent before storing information on the end-user's device. Prior to GDPR, the local country implementations of the ePD allowed for implicit consent…
I'm a privacy lawyer that has worked on cookie consents for a number of commercial websites. Everything you said here is all too true. The real legal answer in a lot of cases is "Do what everyone else is doing. Don't be…
EU governments are exempt from the requirements of GDPR. In some countries police can access large amounts of data without the need for a warrant. For example German police do not need a warrant to get passwords to…
6 months is not compliant. Employees have to be made aware of the posting on the same calendar day the job is posted. For jobs that are in constant demand, the company has to either send a daily email or have some kind…
The law also requires that Colorado employees be informed of all promotional opportunities. A promotional opportunity is "a vacancy in an existing or new position that could be considered a promotion for one or more…
I am a privacy lawyer that has spent far too many hours on cookie issues. It is disappointing that your correct answer was downvoted. It goes to show just how much misinformation is out there about GDPR. The top comment…
If it's the TrustArc Ads Compliance Manager, it makes a call to all the ad networks requesting the network's opt out cookie. The opt out cookie prevents the user from being tracked by that ad network across all sites.…
Data scientists would rather buy data to work with big data sets than sell their own data for money. It's the marketers and people with P&L obligations that usually want to sell.
>It was never going to be the privacy savior Google billed it as, so why push forward with the concept? Because these users are still anonymous to companies using Google services. Uniquely identifying users, and the…
The law cares about intent and outcome. If you intended to publish Bill Gates' credit card number and did so, and if doing so was a crime, you'd be guilty of that crime. This is true regardless of how you published the…
These were already violations of the TCPA in the 9th Circuit under the 9th Circuit's previous ruling in Marks where the court found that an autodialer is any equipment that dials a number from a stored list. Marks was…
The opt out cookie was created by ad networks prior to GDPR when many EU countries allowed for opt in by default. The opt out cookie was the tool to allow users to opt out. It still has value today as it allows an ad…
>Not to mention that if there were any hypothetical API calls those could be made asynchronously after closing the modal. If you did that, users wouldn't be able to see whether their opt out was successful.
Some tools call APIs from a whole bunch of ad networks. That 60 seconds is likely spent getting opt out cookies from dozens of different ad network domains.
Facebook, as a data controller, is required to provide all information specified in GDPR Article 13 regardless of whether its legal basis for processing that data is consent or contract. Article 13 is a long list of…
Consent is not, and has never been, the only legal means by which personal data can be processed. When the article says: >This would mean that the company does not have to give users a free choice and obtain a separate…
>One issue is that anti-trust has moved from being concerned about harm to consumers (great!) to being focused on harm to other businesses (not so great). The first thing listed in the Federal Trade Commission Act from…
Much of the statements about cookie requirements in this thread are wrong. The rule is simple: If a website uses non-essential cookies, it must inform users and, in most EU jursidctions, collect consent prior to placing…
>Fun fact: the e privacy directive (which defines the cookie rules) isn't actually passed yet and technically you don't need cookie banners how they are now. Purely informational banners would be enough, but the…
This is factually incorrect. The "Cookie Directive" wasn't from 2003, it was an amendment to the ePrivacy Directive. The ePrivacy Directive came into effect in 2002, and it was amendend in 2009. That amendment is what…
This is not true. The national implementation of the ePrivacy Directive are still law. You are correct that GDPR does not require cookie banners, but the law that does was not replaced by GDPR and remains in effect.
The FTC has been begging the complain-for-profit sector to give it a formal path to regulate AI. The FTC's only enforcement hook in this area is that it can take action against companies that have unfair or deceptive…
It's very much how most privacy laws work. According to Revue's platform privacy policy[0], Revue processes subscriber emails as a data processor. Each newsletter publisher owns the email addresses of their respective…
You asked the wrong lawyers, at least for the US. The FTC's case against Sears in 2009 made it clear that consent to a privacy notice isn't valid if the privacy notice is buried deep in a licensing agreement, even if…
No. You need consent to store data on an end user's machine, regardless of whether you later track that data or not, unless such storage is strictly necessary for the operation of service explicitly requested by the…
You're wrong. The ePrivacy Directive does require that a website get consent before storing information on the end-user's device. Prior to GDPR, the local country implementations of the ePD allowed for implicit consent…
I'm a privacy lawyer that has worked on cookie consents for a number of commercial websites. Everything you said here is all too true. The real legal answer in a lot of cases is "Do what everyone else is doing. Don't be…
EU governments are exempt from the requirements of GDPR. In some countries police can access large amounts of data without the need for a warrant. For example German police do not need a warrant to get passwords to…
6 months is not compliant. Employees have to be made aware of the posting on the same calendar day the job is posted. For jobs that are in constant demand, the company has to either send a daily email or have some kind…
The law also requires that Colorado employees be informed of all promotional opportunities. A promotional opportunity is "a vacancy in an existing or new position that could be considered a promotion for one or more…
I am a privacy lawyer that has spent far too many hours on cookie issues. It is disappointing that your correct answer was downvoted. It goes to show just how much misinformation is out there about GDPR. The top comment…
If it's the TrustArc Ads Compliance Manager, it makes a call to all the ad networks requesting the network's opt out cookie. The opt out cookie prevents the user from being tracked by that ad network across all sites.…
Data scientists would rather buy data to work with big data sets than sell their own data for money. It's the marketers and people with P&L obligations that usually want to sell.
>It was never going to be the privacy savior Google billed it as, so why push forward with the concept? Because these users are still anonymous to companies using Google services. Uniquely identifying users, and the…
The law cares about intent and outcome. If you intended to publish Bill Gates' credit card number and did so, and if doing so was a crime, you'd be guilty of that crime. This is true regardless of how you published the…
These were already violations of the TCPA in the 9th Circuit under the 9th Circuit's previous ruling in Marks where the court found that an autodialer is any equipment that dials a number from a stored list. Marks was…
The opt out cookie was created by ad networks prior to GDPR when many EU countries allowed for opt in by default. The opt out cookie was the tool to allow users to opt out. It still has value today as it allows an ad…
>Not to mention that if there were any hypothetical API calls those could be made asynchronously after closing the modal. If you did that, users wouldn't be able to see whether their opt out was successful.
Some tools call APIs from a whole bunch of ad networks. That 60 seconds is likely spent getting opt out cookies from dozens of different ad network domains.
Facebook, as a data controller, is required to provide all information specified in GDPR Article 13 regardless of whether its legal basis for processing that data is consent or contract. Article 13 is a long list of…
Consent is not, and has never been, the only legal means by which personal data can be processed. When the article says: >This would mean that the company does not have to give users a free choice and obtain a separate…
>One issue is that anti-trust has moved from being concerned about harm to consumers (great!) to being focused on harm to other businesses (not so great). The first thing listed in the Federal Trade Commission Act from…
Much of the statements about cookie requirements in this thread are wrong. The rule is simple: If a website uses non-essential cookies, it must inform users and, in most EU jursidctions, collect consent prior to placing…
>Fun fact: the e privacy directive (which defines the cookie rules) isn't actually passed yet and technically you don't need cookie banners how they are now. Purely informational banners would be enough, but the…