EU gets shirty with companies who try and obtain consent through the backdoor*
Some people dislike the EU, and the bunch of interfering bureaucrats sometimes seem to exist for the sole purpose of creating unnecessary legislation, like the recent change to insurance premiums on the basis that they were sexist. Even though they were actuarially correct based on observed differences in life expectancy.
However, now the EU have actually come up with something really useful in the data protection region to stymie sneaky website sorts who pre-fill tick boxes to opt you into receiving
crap stuff you probably don’t want.
This time last year, the EU produced a draft of a General Data Protection Regulation to tighten rules, while allowing information to pass freely within the EU. However, a new report from the European Parliament's Civil Liberties Justice and Home Affairs Committee has put forward amendments to the proposed law that would mean consumers would not have to ‘opt out’ when visiting websites that have automatically filled in tick boxes to obtain consent for the site to use their personal data. The report claims that such practices do not confer consent which should be obtained in a manner that is "explicit, freely given, specific and informed” and collected through a statement or "clear affirmative action".
Report author Jan-Phillip Albrecht said:
"In order to ensure free consent, it should be clarified that consent does not provide a valid legal ground where the individual has no genuine and free choice and is subsequently not able to refuse or withdraw consent without detriment. The use of default options which the data subject is required to modify to object to the processing, such as pre-ticked boxes, does not express free consent."
Many websites currently use this sneaky trick in order to automatically sign people up to receive undisclosed piles of junk unless boxes are unticked, with many automatically reticking boxes if the web form has to be resubmitted for any reason. Should the Regulation be amended, websites will have to be more upfront about their underhand tactics, enabling them to prove that they obtained consent legally and fairly and with the full knowledge of the user. Of course, the easiest way to do this would be to untick all the boxes. Large corporations who are in a "dominant position” in their market would face the tightest rules, should the amendments be adopted.
The report also sets out recommendations for (unquantified) "financial indemnification” in the event of any data breaches which lead to transfers of data to "non-approved ‘third’ countries” as well as new rules to allow consumers the right to access details of information shared with public authorities.
* you have a dirty mind