this post was submitted on 01 Jul 2024
453 points (99.6% liked)

[–] Zak@lemmy.world 57 points 4 months ago (1 children)

The relevant section of the DMA imposes restrictions on designated gatekeepers. It does not apply to websites that are not designated as gatekeepers.

That behavior might be questionable under the GDPR though.

[–] variaatio@sopuli.xyz 35 points 4 months ago* (last edited 4 months ago)

Main issue comes from GDPR. When one uses the consent basis for collecting and using information, it has to be a free choice. Thus one can't offer "Pay us and we collect less information about you". Hence "pay or consent" is blatantly illegal. Showing ads in generic? You don't need consent. That consent is "I vote with my browser address bar". Thing is just that nobody wants to use non-tracked ads anymore...

So in this case DMA 5(2) is just basically reinforcement and emphasis of the previous GDPR principle. From The Verge:

“exercise their right to freely consent to the combination of their personal data.”

From the regulation:

  1. The gatekeeper shall not do any of the following:
    (a) process, for the purpose of providing online advertising services, personal data of end users using services of third parties that make use of core platform services of the gatekeeper;
    (b) combine personal data from the relevant core platform service with personal data from any further core platform services or from any other services provided by the gatekeeper or with personal data from third-party services;
    (c) cross-use personal data from the relevant core platform service in other services provided separately by the gatekeeper, including other core platform services, and vice versa; and
    (d) sign in end users to other services of the gatekeeper in order to combine personal data,

unless the end user has been presented with the specific choice and has given consent within the meaning of Article 4, point (11), and Article 7 of Regulation (EU) 2016/679.

Surprise, 2016/679 is... GDPR. So yeah, it's a new violation, but pretty much it is "Gatekeepers are under extra additional scrutiny for GDPR stuff. You violate, we can charge you for both GDPR and DMA violation, plus with some extra rules and explicitness for DMA".

I think technically GDPR already bans combining without permission, since GDPR demands permission for every use case for consent-based processing. There must be consent for processing... combining is processing, needs consent. However, this is an interpretation of the general principle of GDPR. It's just that DMA makes it explicit: "oh, these specific processing, yeah, these are processing that need consent per GDPR". Plus it also rules them out of trying to argue the "justified interest" legal basis of processing in the case of the business. Explicitly ruling "these types of processing don't fall under justified interest for these companies, these are only and explicitly per consent type actions".