The Nebula / CuriosityStream bundle is no longer active. Instead, you can sign up for Nebula directly with my discount now for about $2.5 a month with a yearly plan, which includes Nebula Originals AND the whole Nebula Classes platform, too, including my own class. Sign up here: go.nebula.tv/techaltar

The main problem with GDPR is that it didn't make mandatory to have a "REJECT ALL" button on the first page which means that Accept All is always easier!

Gotta love the cookie websites where you can disable "essential cookies" but can't disable tracking cookies...

Thumbnail should be: Did GDPR work? Yes/Show other options

Hey, I appreciate your honesty in showing us your own company’s cookies policy despite it not being the greatest.

GDPR is great. Although they need to add a law that demands easy cookie rejection on websites instead of whatever labyrinth you have to navigate now.

It's been THREE YEARS? ALREADY? man time is flying

I'm so happy that we have a quality tech channel based in EU. Are there any other ones ?

It works, and I really like it exists, but it needs more work

For me it worked. I was able to get my data from Spotify, and found the song I was listening to a day earlier during studying for my exam. So I see it as an absolute win.

I wonder if it really counts as "informed consent" when you get an email from Facebook or Instagram basically saying "we're going to do whatever the hell we like with your data: do you consent, or do you want to effectively be banned from ever using our service again?"

almost thought that today was friday seeing that notification

Big companies: paying fines is cheaper than allowing user to disable

It'd be a good idea to find and/or set up some sort of a "cookie _declutterer"_ extension for browsers that can make it better to both understand what is being stored in the cookies, edit it on the fly, see what people think of it, etc. That way, even if a website decides to give you a cookie that you don't know, you can easily learn about it, and if you don't want it, to remove without going through weird places. Also, so when you reject cookies, they don't make you go through loops every time you go there because they don't store it and make you reject them again.

Oh yeah I completely forgot the "just turn off cookies in your browser" websites. Yeah they are annoying.

the fact that cookies and trackers are now in my face has made me more aware and careful with my own data

I'm now the company "Data Protection Officer" where I work. Long story short, it's a job title created by GDPR. This makes me the guy responsible for writing up the cookie banner for our web site, so I'm very interested in this video. Thanks for making it.

I am deeply amazed with your level of commitment to read through all those cookie policies.

Learn from the tech sector you're fighting: Iterate, iterate again and iterate further. But the key thing is to do it _FASTER_ than at a glacier's pace!

"if ask the prisoner to design the prison and ask the not to leave the door open he will just not put any doors"

GDPR is a HUGE success. Honestly. The cookie settings are just one tiny bit (but most annoying) of the bigger picture. All the major stuff needed to be done: data location, right to be forgotten, report of personal data usage, structures of software to support all of these, etc.. This GDPR is just one of the excellent stuff EU has brought to the people. EU has the most people&planet friendly regulations up to date.

TechAltar v Verizon Media when? :) Also the cookie windows are utter hell for people who use screenreaders.

This video needs to be watched by everyone. I can't upvote this enough.

I’ve had success getting my data deleted when I cited GDPR, despite being rejected previously. Some companies make you email them, but they do actually respond to enquiries. It’s a lot better than outright telling you to gtfo like they do outside the EU.

GDPR is a gift to the tech giants that can afford a multitude of lawyers and data security specialists. If they wanted to destroy a startup, they'd drag them through a GDPR lawsuit.

Thing is, most cookie banners are only non-intrusive on PC. In a mobile browser, they take up 3/4 of the screen or just the whole page.

Love that you reviewed your own website and gave it an objective grade.

Thanks for making well researched videos about tech.

thank you so much for the direct link to the nebula piece I have nebula but never use it cuz it's homepage is a laggy mess so I only go there for exclusive content and finding that is atrocious so thank you 1000 times for the direct link

11:10 Typical Facebook

"Genuine interest" = **Mr Krabs voice** - I like money! Great, thanks for exposing the greatest loophole in this GDPR journey!

GDPR is incomplete. You should also consider that it has negative cascading effects on scientific research and security research as well as making competition more difficult for small/medium groups. GDPR's intentions are great, but, its a hammer used to kill the infection when what is needed is surgical knifes

I was part of the project to implement GDPR-compliance in our small (~30 people) software company and my experience of doing that is quite positive. The value of GDPR was largely that it forced us to review what we're doing and consolidate & document it (~store customer data in defined places).

As much as website owners hate ad-blockers, they sure make a damn good case for them.

As a techie living in Central Europe, I see GDPR as one law that is actually addressing a problem that the current generation is experiencing - being tracked without explicitly allowing that. My problem is right now that it does not help with business relationships. Oftentimes, if you collaborated with an employee of some other business and you had e-mail conversations with him, after some time your mailbox will be receiving advertising/press releases from that company, meaning that your corporate e-mail has been passed over to marketing department, which afterwards, without even thinking about whether the person in question wants it, launches mass marketing campaigns. The only working weapons so far that I have are request for data deletion and threaten them with e-mail blacklisting.

Brilliant video, thank you!

Once, i couldn't get a song out of my head but I couldn't find it. I had to do a GDPR request on my spotify listening history and go through the whole thing again. Very useful!

Video Idea : What happened to article 13?

I used to work for a financial software company in the US and we have laws to comply to where we cannot use the information gathered outside of what the user's intent. If they submitted data for a loan we can only use that for approving a loan. "Legitimate interests" needs to be clarified if that's for the collector or the user!

I just wished browser makers would design a set of default consent options. So I can e.g. say "every page I visit is allowed to do X" and that would be a default, no more individuals cookie banners...then again most would still want to ask for more.

Fantastic analysis, very clearly and concisely presented. Thank you for making this!

Really good video. But the scene at 15:00 caused some nausea for me. The scrolling was just too fast for a 30fps youtube video

Two words: Adguard Pro. As a California resident I fall under the CCPA which closely mirrors GDPR. It’s just easier to block everything for every website and if it breaks a website, I either move on, or open it in another browser, disable protection, and then clear the cache as soon as I’m done. And then the DNS Cache, and reboot the router . . . I hate them all.

One of your best videos. That line or style of videos between educational and investigative is one of my favorite. Its like Last Week Tonight, except with snark or sarcasm instead of comedy.

GDPR is an example of EU lawmaking: It made sites awful, it hampers the user experience, it made startups working in the EU more difficult and for what? People still violate GDPR with zero fines and users are trained to press "accept all" just to enter the site quickly. Because unless you accept/reject you cannot enter the site.

You made a great point for whoever runs GDPR (I'm not from EU). All sites should have one single layout of consent banner with clear Boxes of Yes and No just like Apple does. If GDPR can make websites ask for consent in the first place they can make the websites do this too. Thanks for making great content

We were just studying today at university about GDPR and data protection act . This video is gonna be very helpful for my assignment .

Thanks man, I am a software developer and I have got lot of things to say in my upcoming interview, from your videos, thanks a lot.

4:43 - _"Before GDPR many services simply refused to delete your data"_ I can reassure you that most companies just copy the data over to an "unofficial offline storage" instead of deleting it. Or that's what happend where I previously worked, I left there for a reason.

Here’s what I think the EU need to fix GDPRs flaws, from information in the above video: -Remove the “legitimate interest” part of the law (Article 6, Section1, Subsection F) -Build and require everyone to use a simple and standard cookie banner -Launch lawsuits against the major violators of the GDPR, and hand out the maximum fines, to make a point and confirm they will use the maximum fines. -Not as crutial, but I would like to see the maximum fines increased.

The ability to view and download collected data in machine readable formats was the biggest things that for me was and is a plus. I can run my own analytics and statistics on the data, or import it into other products, or services if i wish.

So, let's sue Verizon... I don't live in the EU, so someone else can.

This is one of the best GDPR guides I've seen but I think this video should be optimise better to be found on KZbin

There is one thing to take into consideration... The GDPR is not only for information collected via cookies. Actually, information collected this way is minimal compared to other information you provide to an infinity of other services. It applies to sensitive information you provide to life insurance companies, to banks, to retailers, etc. This type of information is much more "sensitive" (using this word loosely because under the law, there is a specific definition of what sensitive information is). For example: trackers will essentially personalise marketing adds, so there is not much information that can actually harm a person, just but more of an annoyance. But when you start providing official personal information, criminals can literally screw you life but getting loans on your name and you will never know. Bottom line: yeah the GDPR didn't quite succeed in relation to tracking and marketing, but it did succeed in other much more important things.

My favorite implementation of the cookie consent form is the ones where it just sends you to google.com if you reject their cookies, basically blocking you out of their service.

And no EU court have actually decided that such cookie banners are a requirement at all, some sites just adds them because the fine if some court ever desided it was a thing was insane.

The EU should just add to the "legitimate interests" part, that making money with user data is no "legitimate interest". If newspapers want to make money in the future, they should just show not personalised advertisement and/or ask for money. Maybe there could be a service like Spotify for newspapers.

Europe always leading in a good things like emissions to euro 6, and the browser choices implement at the windows start page

I've recently realised that one of the unspoken consequences of GDPR is suppression of grassroot organisations. The 1-year data retention requirement makes it almost impossible for small organisations to keep itself together, as all their members or supporters need to give explicit consent for data collection. Last year I spoke with a man who was organising yearly pilgrimages for people from across my country. He's mentioned that GDPR made it very challenging for him to keep phone numbers of his customers (who also are all friends of his) as the pilgrimages happen once a year, which coincides with the law. I've also heard more recently about some small political or lobbying organisation complaining that GDPR has made it very difficult for them to affect political processes. I don't remember their name or goals but I clearly remember their complaints against GDPR. At this point I believe GDPR's goal was to stifle dissent and prevent people from organising against the EU from the start.

For me the most annoying thing is that it is not required by law to just provide a standarized json list of trackers. That way browsers could help users to automate their choices, not forcing them to have a choice every single time. Forcing users to visually evaluate the content trackers of each site they visit is kind of obfuscation in itself.

Are there any upsides accepting the cookies at all?🤷 Edit: serious question

Funny coincidence: I just joined a new web-project and the first thing in my task list was " Update GDPR dialogue and disable all nonessential cookies by default"

Despite its issues, I wish we had this in murica

Wow this is such a fantastic summary of everything. You mentioning the mass emails we got about gdpr reminds me of the same thing that happened early on in the pandemic and every business advertised how they were great at dealing with the pandemic

Absolute genius video 👍 Really appreciate your effort!

Last time I was this early, iPhones still had headphone jacks.

Thanks for making this video. In California, we passed our own privacy laws attempting to reinstate the Net Neutrality Act that was overturned in 2016 on a State level (since state law in the US, can override most federal laws that aren't bound by the Constitution) -and in practice, it looks an awful lot like the GDPR. Reason I say this is because most companies literally recycle GDPR notices & cookie pop-ups, and tack-on "If you're in the European Union *or California* ..." Familiar with all the cookie frustration and confusion. There used to be an excellent browser extension that blocked cookie notices on Chrome/Chromium-based browsers, effectively blanket refusing consent... buuuuut updates to Chrome's architecture in the last year rendered it ineffective, and dev's gone AWOL. I'm sure you wanna keep your vids under a certain length, but I think it's important to remind viewers *why* this alleged "advertising" tracker protection is so critical for human rights, democracy, mental health, job prospects, housing, and most of all, *our personal safety* . It's too easy for purveyors of the most dystopian tech beyond our comprehension (or what we're willing to accept as truth) to launder their many shell corps' as cogs in the "personalized advertising" wheel. While creepy as hell and wholy ineffective, it's not wrong to believe personalized advertising isn't a threat in and of itself. The problem is this isn't about advertising in the singular context we're familiar with; consumer advertising. If we grasp the fact that we are not the "consumers" of said "advertising," only then can this tracking be defined as "for advertising or marketing purposes." Focus Market Research in itself has always been extremely creepy and dystopian, and while not enough people talk about the fact selfie cameras are being accessed by marketing firms in real time without consent or consequences to run your facial reactions thru facial recognition algorithms that purport to detect your "mood" (horribly inaccurately); even that is not the primary threat. What we're dealing with is *Cambridge Analytica* , *Lexus Nexis* (most of their files on every human being alive are built from private data purchased from THE parties behind "data breaches"), and the legality of other data brokers packaging our most common sense *private information* and selling it to any person on Earth for $10-$20. Background checks & credit checks used to require CONSENT. Now anyone can find your home address, family members, associates, job history, enough details to social engineer their way into resetting passwords, and much more. Lots of people have been stalked relentlessly and physically attacked by people who buy their data in order to facilitate these crimes. The Cambridge Analytica space is how they use knowledge about us, including gauging our behaviors and interactions on social media (and on our devices in response to manipulation of our mood via our feeds & "news" shown to us); to manipulate us on a profound and invisible level, primarily with the intended outcome being radicalization. They're "advertising" back to us, our very conception & perception of reality. I'm going into too much detail for a tech KZbinr, especially on a year old video - but I do hope you continue making socially conscious videos on this level about privacy. I do recommend reminding viewers what's truly at stake, when it comes to something that's been to appear benign, and almost "paranoid" to be overly concerned about, under the horribly vague term, "tracking." A refresher on what they're doing with this data via what they have done, and how they track much more than what you search and websites/apps you visit and who you're in contact with, when and where - all things that are more than enough to persecute or threaten someone with. That this goes into gauging, "measuring," and altering user behaviors and belief systems. Modifying beliefs that re-structure one's own reality, social norms, and identity. They're using Cookies to inconvenience people into being apathetic about any privacy legislation - even that which was designed from the start to enable horrible privacy abuses to continue. This leads to the age old "I have nothing to hide" and "who cares about what other countries know about me" and "I don't mind personalized ads, it's not hurting me." The entire conversation needs to shift away from advertising and "data collection," as people understand it. The threats aren't simply data breaches of these horrible companies aggregating and selling things about us that shouldn't even be called something so removed as "data," or the "hacking" that sometimes comes as a result. It was already out of control in 2015-2016 when it was enough to influence people in elections or social engineering coups around the world - but since COVID isolation and everything being moved online, total domination of our reality and normalization of companies using inaccurate and discriminatory "data" about us that we don't even know exists to "screen" & disqualify us from jobs & apartment rentals.

cookie banners are useful in so far that - in most cases, you can still browse the website. unless you click "accept", none of the trackers should (legally) be activated. if you are tired of disabling every choice of ad cookies, just leave the message and never click "accept". cookies at this point are opt-in !! so never getting rid of the banner means you haven't given your consent to using cookies! only when you try to get rid of this bottom cookie advert thingy, you most likely agree to the terms. just leave the thing there. chill out and live with the cookie warning. don't interact with it at all. plus: use "ublock origin" and not "adblock plus".

I didn't know anything about this topic before your video and I find it really interesting! Also, this video was really well done, I love the editing! Thank you for making it :)

GDPR is a great starting point, and a rare showing of how governments can care about their people more than corporations

GDPR is a rare example of government regulation of the online space that was at least aiming at the right thing. So many webshops / websites where you have to create an account enabled newsletters and just straight up spam your email. What wasn't done right is the US and other parts of the world not joining in the enforcement of this regulation.

There's a lot of misunderstanding by the author... first, websites that show that massive list are not actually working with all these companies, they just showing the entire list of vendors that registered with the IAB framework that pretty much everyone uses. It's much easier, because in most cases, publishers don't know who is involved in the monetization of their content. Also, these buttons you can enable/disable by vendor is not something the publisher sets up... it's automatically set based on how each of those companies registered with the IAB. And yeah, each company can claim they have a legitimate interest in all the processing they do... but if they end up in court, it will be up to them to prove it and the fine will be much worse. Not really a loophole.

10:04 "Whoever that is" -- Scorecardresearch is comScore. They were one of the first companies doing web tracking. Their products are everywhere and they try to measure everything. The particular cookie you are referencing is used by websites to monitor if you saw an ad - so the website can charge the advertiser. It is also used by the advertiser to know if you saw the ad - so they can verify that the bill from the website is legitimate.

In the long run what these things will achieve the most is no more free stuff. All of the free stuff depends on ads, but not just any ads - personalised ads. If they are not personalised, they are useless as a monetization source. For example Apple's new tracking popup leads to 3 times lower income for app developers - not many companies can survive such a cut. They are essentially forcing the free apps to remove the ads and become paid (so that Apple can get their commision). That's also the reason why Google gives a ton of services for free while Apple doesn't give anything - it's because Apple doesn't have an ad business - and you pay for everything. And you can already see major news websites becoming paid - this will become more and more popular in the future, not just for websites, but for apps as well.

I stopped at 0:49 and read the cookie prompts. Wasn't disappointed :)

Thanks for the video!

A lot of these aren't issues with GDPR itself, they are cases of GDPR being ignored. Abuse of legitimate interest is one example. There have been lot of cases where courts fined companies that tried to sell "delivering relevant ads" as a legitimate interest. It's not, it's been proven over and over again. I know a couple of websites that turned off that option even though they use one of the generic GDPR widgets. The trouble is that not enough people actually submit complaints. When they do, it's usually dealed with quickly and efficiently.

Didn't watch the video, but for my business and clients there has been many things the GDPR has caused. We prefer hosting things in our own country if possible, we try not to collect any user identifiable data if possible, and when we do collect those things, they are anonymisable and can be removed easily from backups and production databases. And my sites don't show cookie banners as there is no need for cookies.

Although it's shocking that companies are dodging GDPR, it could also be easy for a person to take them to court and win against them if they're not fully compliant, those companies are playing with fire with their trickery and at some point they will pay the price in lawsuits.

They need to fix the damn loophole where a website can just deny you access unless you click agree to everything. The norm should be to collect no more data than necessary for the service being performed.

Another issue I have with this law, and a very big one, is when you buy a service and accept (or even without choice) to let them collect and use your info, It doesn’t matter if it’s personal info generated by using the service and somehow that grant them ANY use of that information, forever and can be shared and transferred with third companies and your data/consent don’t expire never because is for eternity, that should be ilegal, European privacy protection laws like GDPR are not only for when you enter a website to read an article, also when you buy a new phone plan or create a bank account, and somehow if you agree or worse if or its in their legitimate interest and don’t need to or you register before this laws where in place your data can be share for ever to new companies without new consents even if for this new companies don’t share that “legitimate interest” that the original company could have. Imagine I need to collect data of people I only need to create a bunch of companies for which a certain type of data is truly their legitimate interest so with all of them I have all the information that would otherwise not considered legitimate interest and I can share not only with me but also third parties, there you got another loophole to get all the tracking and information of people without consent, instead of one big funnel of data collection create and situate a lot of smaller ones that go to the same pool where you can not always process as you always done, but can be widespread to others so you don’t even need to make all the “legitimate interest” companies to complete your puzzle, you can cooperative with other data vampires wheee!

I think a next update for GDPR should introduce a requirement for standardized cookie banners. There could be a few formats that would appear on the top or the bottom of the page, which then would open the same modal dialog. Apart from that, cookie consent should be machine readable. What I mean by this is that there should be a way to set in your browser settings your general cookie tracking choice and websites should read them without displaying a banner. I'd expect companies to fight this last one with tooth and nail, as if it gets passed, they won't be able to nag you with cookie banners.

Thing is, if you accidentally accepted data access in just a small portion of websites or times, it's enough for data collection companies to get all the information they need. Another thing where Europeans feel the negative effects of the regulation is that many US sites block Europeans from viewing their site for "legal reasons".

man you should see what grindr's is like-idk if you accept all they will stop bugging you, but every time i leave the app and come back to it it tries to make me accept all by popping up the banner again with accept all as the default option and makes me go digging to disable stuff again

Very nice dialog boxes! "Yes or Accept", "Track me Track me", "I love cookies" ;-)

Since the last Opera update on Linux I have to reinstall it every day or so to get it working again. I accept all the cookies because they will be gone the same day lol. It is a safety feature!

I don't see the cookie walls as a weakness of GDPR, but as a lack of enforcement from data protection agencies. The regulation is extremely clear: it should be as easy to refuse as it is to accept.

GDPR is great for office politics. Just suggest a rivals project might violate the GDPR and it's instantly put on hold till the overworked privacy-officer has done a formal assessment. Which can take months or even years.

I just wish these cookie accept/reject options were implemented as sort of a standardized protocol, that the browser could automatically handle, i.e. display in its own small window, apply default rules by the user, in order to minimize the hassle for the user. Implementation could be i.e. like the robots.txt crawler file or the like to announce it, the problem is that non-tech savvy bureaucrats just imposed the rules and didn't consult with browser developpers :(

13:14 reminds me of Inglorious Basterds

Well GDPR also says that everybody must implement "(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing." Article 32, EU GDPR "Security of processing" I am in the business and I have never ever met anybody who would take it seriously and implement some regular pentesting scans of the website/networks/... But when you get hacked (good luck with your WP) you have to be able to proof you haven't neglected that... otherwise huge fines. But, nobody does that. Nobody enforces that. Nobody tells companies they should do that. Companies don't spend money on these things... so just some unlucky hacked companies will get that final blow - GDPR fines.

I started using ninja cookie plugin which disables cookie banners on sites. In the future you will have to have 3 adblockers, 1 antitracking system, 2 dezinformation modules when browsing the net.

5:38 I actually genuinely prefer having to waste my time and untick every single individual cookie on every single site I visit, I've just gotten used to it now, might even write a script to save some time

You could disable those accept only banners with an ad-blocker for example.

Glad someone brought this up. WELL DONE. no one would behave like this face to face as they would get a thumping so not sure why company websites think its ok. also not sure why the lawmakers didnt adjust the law as soon as they seen this behaviour? was it all just about generating money through fines?

Recently I've moved to trusting a few specific sites. And running everything else in jails. It's not foolproof, but it's better then nothing

I enjoyed the GDPR, but for other reasons. I'm a legal translator, and I had a steady stream of clients asking for similar work (privacy policies etc) for some three months.

You can use simple analyst . No tracking and no cookie banner.

Also Downloading and deleting data is not always easy still. It can take a long time and often you have to search how to delete an account. And it's not always clear if some website can let you delete websites or if they are just saying they don't have to delete your data.

I love the story behind!!!! 😏 can’t wait for ever episodes. A couple of years ago I just researched all of them 😄