Ok so yesterday I decided to start sending e-mails to every website I visit that doesn't comply with #GDPR when using #GoogleAnalytics etc. (things like: "by using this website you agree to...")

And the first one I contacted replied today to tell me it's fixed now 😁 They ended up removing Google Analytics all together.

You should try this too! 😄

Basically what I write is:

1. You're not complying with GDPR by not letting your user opt out of analytics (you need consent first!)
2. Will you please consider fixing this?
3. Fixing this should also be in your interest, since *anyone* can send a complaint to your DPA.

Maybe next time I'll add a note about cookieless alternatives, such as Plausible :)

Show thread

@sigsegv these websites annoy me so much. It's great you had such an immediate & positive response. I'm going to try this now.

I gather this wouldn't work with non-European websites/companies?

@GwenfarsGarden @sigsegv non-European websites are still subject to GDPR as long as European citizens can access them. Which is why Google and Facebook aren't allowed to throw tracking cookies all over the place without explicit consent from every single person they're tracking.

@zatnosk @GwenfarsGarden Yes, but I guess it's slightly more complicated? In EU you can report GDPR violations to a local DPA, but for US companies you might have to go directly to EU? (if so, smaller US companies don't risk as much when violating GDPR).

But I'm not an expert, so please let me know if I misunderstood something here 😅


@sigsegv @GwenfarsGarden non-EU companies are required to have an appointed representative in EU, so the authorities can go through that representative.


I'm not fully on top of all the conditions for when this triggers, but non-EU companies don't get to do anything less than EU companies are required to do.

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!