Lmfao. Nice job, let’s read the whole thing shall we?

> Processing shall be lawful only if and to the extent that at least one of the following applies:

> the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

> processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

> processing is necessary for compliance with a legal obligation to which the controller is subject; processing is necessary in order to protect the vital interests of the data subject or of another natural person;

> processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

> Where point (a) of Article 6(1) applies, in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 16 years old.

> 2Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.

> 3Member States may provide by law for a lower age for those purposes provided that such lower age is not below 13 years.

Taken together, the company is only requires to get consent if 1) it processes the information, and 2) it is directly done for services direct to children.

So no mandatory consent or age verification across the board. You wanna try again bud?

Lmfao. GDPR is compliance and infosec. Quick quiz: what’s GRC stand for buddy?

You don’t get the point of infosec and data protection. Minimizing risk is critical. Stop talking about shit you don’t understand please :)

The fact that collecting it puts companies at further risk and GDPR doesn’t require it? The fuck you on about?

It is an example of how laws may not require active collection of personal data.

Not necessarily. COPPA has no such requirement, for example. Instead, it applies if you know or reasonably suspect a child under a specific age could or is using the platform. It’s sort of a “don’t ask don’t tell” dilemma here.

I can’t ever see GDPR as being construed as to mandate more Personal Information collection in order to comply. That’s a crazy argument from Italian regulators. Shame it’s coupled with a legitimate, critical ruling.

As long as legal divisions treat the interests of the consumer in data privacy as adversarial to the interests of the firm, US companies will not get this. It’s a conscious choice to prioritize a few extra immediate dollars over the intangibles of company reputation, long-term stability and differentiation, and overall compliance.

Yeah nah, that won’t fly. It doesn’t even fly here in the US, an opt-out requirement is an opt-out, justification has no place here

Except that’s not what the fine is for. The fine is for using a banned service.

EDIT: Additionally, it is not Google’s job to make sure another Company is compliant.

Sigh. Let me explain:

Google Analytics is a service. A company based in the EU pays to run it on their platform. The one who gets fined isn’t Google, but the company who uses it in violation of the ban

No you didn’t. You don’t understand what Google Analytics is if you think that Google is the one slapped with a violation lol.

No I don’t. You seem to be deliberately ignoring the fact that privacy regulations can either deter or punish, or both. And just because some firms fuck up doesn’t mean the regulations aren’t effective. Even in the EU they don’t achieve 100% compliance all the time.

The FTC regularly fines and issues consent decrees, and has done so for literally decades…..

No. You don’t have to go hunting. The text:

> (a) Initial notice and opt-out requirement —

> (1) In general. You may not use eligibility information about a consumer that you receive from an affiliate to make a solicitation for marketing purposes to the consumer, unless:

> (i) It is clearly and conspicuously disclosed to the consumer in writing or, if the consumer agrees, electronically, in a concise notice that you may use eligibility information about that consumer received from an affiliate to make solicitations for marketing purposes to the consumer;

> (ii) The consumer is provided a reasonable opportunity and a reasonable and simple method to “opt out,” or prohibit you from using eligibility information to make solicitations for marketing purposes to the consumer; and

> (iii) The consumer has not opted out.

There’s more, but this comment displays a fundamental lack of familiarity with US privacy law. For example, they can’t collect data unless it’s for credit approval purposes. Meaning you must seek the service and consent to provide the info for a limited purpose. And even GDPR respects that.

It’s close ties to a foreign government, it’s profiling apparatus’ in conjunction with the foreign government connections, etc.

You actually can. FCRA and FACTA provide you a ton of control and opt-out….

TikTok is unquestionably a national security risk for government workers, contractors, and contracting firms.

Already happening. Google Analytics is banned in Germany and Italy. Also, the US’ patchwork isn’t far off from GDPR, it’s just far less cohesive. US citizens have many of the same rights and control over their data, and have for decades in some cases.