> Nothing states that consent has to be more difficult than non-consenting.
Nobody is arguing that consent should be more difficult.
The complaint is that non-consent is often much more difficult than consent, sometimes ridiculously so.
In my personal experience I have been unable to find the no-consent option at all on some sites. Just links that go around in circles, sometimes to hundreds of ambiguous and mixed-polarity yes/no-or-was-it-no/yes-style options (one for each of hundreds of "partner sites" I've never heard of), with the only clear option being consent-to-all.
If I eventually click on "ok" that is not freely given consent, it's coerced due to me being unable to find or understand how to decline it.
It is technically easy to provide a "decline-to-all" option whenever they have provided a "consent-to-all" option.
Therefore, clearly companies which provide an easy consent-to-all but make decline-to-all virtually impossible to select, or actually impossible, are doing so deliberately, intending to frustrate the consumer from exercising their rights.
The law says that a person should be able to decline if they choose, that it should be easy enough to do, and easy to understand which option they are choosing. Such sites are not compliant with that principle, and it looks like deliberate non-compliance to me.
> The request has to be distinguishable, not the consent.
Well, "the request" is what we've been talking about. It means the UI. Things like "Ok" and "decline" buttons, how the options are presented, how they are explained clearly and unambiguously, the ease and accessibility of selecting the freely chosen option, that sort of thing.
>Therefore, clearly companies which provide an easy consent-to-all but make decline-to-all virtually impossible to select, or actually impossible, are doing so deliberately, intending to frustrate the consumer from exercising their rights.
Yes, that's their business concept and it is legal.
>The law says that a person should be able to decline if they choose, that it should be easy enough to do, and easy to understand which option they are choosing.
The law states:
>>It shall be as easy to withdraw as to give consent.
>Such sites are not compliant with that principle, and it looks like deliberate non-compliance to me.
I rather think that they follow the law to the T. People would love if their behavior would be illegal but they forgot that companies are involved in the law making process, too. The EU wants its companies to be competitive on the internet. Making it impossible for companies to finance themselves with advertising in their home market would kill their already weak internet economy. Who would accept the sharing of private data if a rejecting would be as easy as accepting?
GDPR is a compromise between the protection of the netizens and the business interest of the economy. As such, it protects against the worst abuse but the world is not free. In one way or the other, somebody has to pay.
>>>It shall be as easy to withdraw as to give consent.
>>Such sites are not compliant with that principle, and it looks like deliberate non-compliance to me.
> I rather think that they follow the law to the T.
I think "as easy" is plainly incompatible with "much harder" or "impossible".
You cannot make something plainly much harder than something else, and still pass the "as easy" test in the law to a T.
You also cannot pass the "accessible" test that way.
>> intending to frustrate the consumer from exercising their rights.
> Yes, that's their business concept and it is legal.
I don't believe it is legal, because these are statutory rights.
To use an analogy that involves another statutory right, it would be like a company preventing you from exercising your right to return a broken product "because it's their business model to ship defective products and we cannot kill the economy by preventing that business". Companies do get away with that, because people can't find the energy to pursue it, especially for small violations, but when sued those companies do lose.
You cannot determine that it's legal just from the fact that companies get away with it.
Not if the rejection is made so difficult, or impossible, or inaccessible, or incomprehensible, or ambiguous, that the consent fails to meet the standard of freely given consent.
Clicking the "ok I consent" button does not count as consent under the law if the user believes they have to click it to use the service, assuming what is attached to that button isn't technically necessary for delivery of the service.
And holding PII for marketing and tracking purposes does not count as necessary, despite any economic argument that it pays for the service. That argument is disallowed.
>the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language. [1]
On which part of the law do you base your first paragraph? The text that fits for me is all about the consent, not the rejection. It must be easy to understand to which a person consents, but the rejection can be difficult.
There is also:
>When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.
Services have to point out that consent is not necessary. If that's usual not done, then this abuse can be ended by notifying the EU. I thus assume that most services offer that notice. Then it is very difficult to argue in court that a user still believed that they didn't mean to give consent. People have to argue for their legal incapability if they want to get out. Who would do that?
The compromise of the law is that people in general mindlessly click ok so that targeted advertising is possible. People who mind tracking can easily opt out. This leaves the ignorant to be tracked. How else should free services be financed? The only other option is making people pay for everything which is ok but a radical shift for the internet.
Nobody is arguing that consent should be more difficult.
The complaint is that non-consent is often much more difficult than consent, sometimes ridiculously so.
In my personal experience I have been unable to find the no-consent option at all on some sites. Just links that go around in circles, sometimes to hundreds of ambiguous and mixed-polarity yes/no-or-was-it-no/yes-style options (one for each of hundreds of "partner sites" I've never heard of), with the only clear option being consent-to-all.
If I eventually click on "ok" that is not freely given consent, it's coerced due to me being unable to find or understand how to decline it.
It is technically easy to provide a "decline-to-all" option whenever they have provided a "consent-to-all" option.
Therefore, clearly companies which provide an easy consent-to-all but make decline-to-all virtually impossible to select, or actually impossible, are doing so deliberately, intending to frustrate the consumer from exercising their rights.
The law says that a person should be able to decline if they choose, that it should be easy enough to do, and easy to understand which option they are choosing. Such sites are not compliant with that principle, and it looks like deliberate non-compliance to me.
> The request has to be distinguishable, not the consent.
Well, "the request" is what we've been talking about. It means the UI. Things like "Ok" and "decline" buttons, how the options are presented, how they are explained clearly and unambiguously, the ease and accessibility of selecting the freely chosen option, that sort of thing.