My hot take is that GDPR, CCPA, etc. should require sites to go through a standard user experience native to the browser’s chrome. Kind of like how Android and iOS handle tracking permissions for Play and App Store apps.
That seems like it would be way easier to audit / govern, and it would be a better overall experience for end users.
The issue with that is that there are so many different apps that process data in so many different ways.
A phone has a bunch of physical features. Letting a website/app know what’s available and request access is a small extension of the hardware APIs with clear defined purposes.
But a financial app is going to have widely different data interests and processing than a workout app, which will be different from a video game, a calculator, a forum etc.
I don’t know how it can be normalised into something programmatic.
I guess it’s why law and courts are so complex. Sure, laws are written down, it should be easy… but they are regularly challenged and tested.
It’s a difficult problem to solve.
The ideal way would be to cut the legalese bullshit in the privacy policy.
However, that’s a legal document, so it needs the legalese.
It actually needs an honest human readable summary that sums up what’s collected, why it’s used etc.
Oh, I’d noticed that a lot of sites now seemed a lot better. It’s so frustrating when a site has you jump through 4 delays to reject, but accept keeps working fine. As soon as there is a delay now, I’m out of there.
It’ll be nice when we have the settings built into your browser and the sites need to comply so it’s on them not you to verify your preferences.
An amendment has changed the rules on that. They need to be as easy to reject as to accept. Lots of websites atm are breaking the law on this still.
My hot take is that GDPR, CCPA, etc. should require sites to go through a standard user experience native to the browser’s chrome. Kind of like how Android and iOS handle tracking permissions for Play and App Store apps.
That seems like it would be way easier to audit / govern, and it would be a better overall experience for end users.
The issue with that is that there are so many different apps that process data in so many different ways.
A phone has a bunch of physical features. Letting a website/app know what’s available and request access is a small extension of the hardware APIs with clear defined purposes.
But a financial app is going to have widely different data interests and processing than a workout app, which will be different from a video game, a calculator, a forum etc.
I don’t know how it can be normalised into something programmatic.
I guess it’s why law and courts are so complex. Sure, laws are written down, it should be easy… but they are regularly challenged and tested.
It’s a difficult problem to solve.
The ideal way would be to cut the legalese bullshit in the privacy policy.
However, that’s a legal document, so it needs the legalese.
It actually needs an honest human readable summary that sums up what’s collected, why it’s used etc.
Oh, I’d noticed that a lot of sites now seemed a lot better. It’s so frustrating when a site has you jump through 4 delays to reject, but accept keeps working fine. As soon as there is a delay now, I’m out of there.
It’ll be nice when we have the settings built into your browser and the sites need to comply so it’s on them not you to verify your preferences.