SEAN GLADWELL via Getty Images
This Series explores surveillance and its intersection with race and civil rights. made possible with support from Columbia University’s Ira A. Lipman Center.
Advertisement
Advertisement
Advertisement
“The patent is pretty hilarious. The idea it is premised on seems to be that a refusal of consent has to have the same high standards as a granting of consent—that is to be specific, informed, freely given, and unambiguous,” said Michael Veale, a professor of digital rights and privacy at UCL Laws. “But that's simply incorrect. Refusing consent is a different act from giving it, and is not subject to those standards. Furthermore, data protection law specifically recognises that an individual 'may exercise his or her right to object by automated means using technical specifications.'”In a 2020 study on dark patterns and GDPR compliance, a team of researchers including Nouwens and Veale scraped a sample of the UK’s top websites and found the majority were serviced by a handful of CMPs including OneTrust and were, at best, minimally compliant with privacy laws and regulations. In a survey of 680 of the UK's top sites, 24 percent of them used OneTrust and only 1.8 percent of those sites were minimally compliant with GDPR, according to the study authors. Researchers defined minimal compliance as "if it has no optional boxes pre-ticked, if rejection is as easy as acceptance, and if consent is explicit."Sign up for Motherboard’s daily newsletter for a regular dose of our original reporting, plus behind-the-scenes content about our biggest stories.
Advertisement