YouTube’s ad blocking crackdown is facing a new challenge: privacy laws | Privacy advocates argue YouTube’s ad blocker restrictions violate the European Union’s online privacy laws.::YouTube is launching a “global effort” to crack down on ad blockers, but some privacy advocates in the European Union argue that it’s illegal.
Wouldn’t Netflix’s password sharing fall under the same law then?
They use user information like connected wifi and position data to determine if a device is used away from the defined “home”.
No.
Netflix logging your IP is the equivalent of taking a photo of someone in public. Not ideal if you’re into privacy, but it’s a public place, so it’s your problem. YouTube’s Adblock detection is equivalent to patting them down to see if they have a weapon and requiring their ID. The software actively looks for changes, using technology that could detect what extensions you have installed, gather data to profile you better for ads, and monitor what you’re doing in your browser while the tab is open.
Both are ultimately for the same purpose, to prevent people from avoiding to pay them, but methods matter.
Incorrect. https://gdpr.eu/eu-gdpr-personal-data/ states IP addresses are personal data.
Wow, so basically blacklisting email sender’s on ip address isn’t allowed either? When is an IP address, an individual and when is it just a machine in the cloud?
You can. After all the GDPR does not forbid you to not accept to talk to someone.
GDPR does NOT prohibit storing any information indefinitely if it is required for proper functioning of the service. If the service bans you by IP, they need your IP indefinitely to function properly and GDPR doesn’t apply. Just like you can’t remove yourself from a creditor black list, and it will have a lot more personal information than just an IP address.
What matters is the association of the IP to a person or account. If you receive spam and block the source IP it’s not personal data. If you create an account on a website and they store your IP to it then it is.
Handling IPs for necessary technical service protection can also be acceptable without explicit consent as long as it’s limited/temporary (you may be able to handle that without account association in the first place anyway).
GDPR doesn’t say you can never use any form of user data. It says a lot about what data is considered personal, what kind of disclosure and consent you need to setup first (mostly terms of service stuff), how you can store that data, how you can use it, and what responsibilities you have to remove or produce a copy of that data on demand. Until you’ve implemented GDPR it can be hard to understand what it is. But it’s not a super bonus +1 magic shield for all information.