zlacker

> I can go on and on. We need some actual ethics, and regulation as a fail-safe for cases where the former doesn't work.

Or become an EU resident and use their brilliant data-handling privacy laws

>>tomcoo+(OP)
I am in Europe and the GDPR is a joke. You are supposed to first complain to the company itself, give them a month to reply with a satisfactory response, and if not, then escalate to the country's privacy regulator which seems to do absolutely nothing according to my experience.

Can you imagine doing all these things every time your privacy is violated (every non-compliant cookie banner, tracker, newsletter, etc)? That would be a full-time job. It's almost like "justice" in the US, in theory you can win, in practice you have no chance unless you have billions to pay lawyers to fight decade-long legal battles on your behalf.

>>Nextgr+n
> country's privacy regulator which seems to do absolutely nothing according to my experience.

Well, then move to another EU country :D I've had ours issue a couple of fines based on complaints I filed, even pre-GDPR.

True, I don't file for every non-compliant cookie banner or tracker, but if they start spamming me despite not having authorized that use of the data, I do. But it's been quite rare in the past couple of years.

>>Nextgr+n
Much like my sibling comment, things have always been pretty fast and reliable in France, Italy, Portugal, Spain, UK, and the Netherlands.

I literally do these things everytime my privacy, just like I'd do with any other right, is violated. And no it's not a full-time job, that's precisely why I delegate.

Not using real data, unless the interactions are legally binding, helps a lot. Give it a spin maybe?

>>tomcoo+dl
I am in the UK and my experience has been the opposite - they are helpful when it comes to questions but seem completely useless at actually getting things resolved. I file complaints regarding privacy and never hear anything again and the company continues with the bad behaviour.

> that's precisely why I delegate.

You mean you pay someone else to deal with the bullshit? It's a good strategy and I've considered it but it shouldn't be up to us to pay (with time and/or money) to investigate these issues, especially considering the regulation doesn't give you any way to recover those expenses even if the offender is indeed in breach of those regulations. There's also the problem of the people who would be the most affected by the privacy breaches are the ones that are less likely to have the disposable income necessary to pay someone else to deal with this on their behalf.

> Not using real data

Two problems with this:

1) It's hard to defend against data being collected in the background, and privacy plugins can be a double-edged sword by making you stand out more (the lack of data is data by itself). IP tracking is very hard to defend unless you have access to a huge pool of IPs and configure your computer to pick random ones for each host it's connecting to.

2) In some cases it's impossible - ordering goods, food or transport online. Some require identifiers like phone numbers you can't easily get in volume.

>>Nextgr+n
GDPR did a lot through fear alone. Companies really stepped up their game. At least the small and medium ones. The big ones knew that laws are only laws if they are enforced and that it's going to take "a while" for that to happen, and it will probably happen only partially. But the most important part was that now people have an increased expectation of privacy (even if it's still lower than even what GDPR prescribes in most cases).

But GDPR is just the 2nd step. The 3rd is the e-privacy regulation that is coming, hopefully in this mandate.