You can’t forbid access to information
Like I said previously, GDPR and french CNIL (CNIL being the authority that inspired GDPR, based on the famous french law, “Loi Informatique et Libertés” created in January 6th 1978, 43 years ago) say that user consent must be freely given without any gain or loss. You can’t give access to content in exchange of user consent. This is illegal.
I am surprised how people interacting in this thread know so little about the basic principles of GDPR introduced in 2016, 5 years ago.
See GDPR, point 32
Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her (…) the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.
Conclusion : In case of refusal, user must still access to the site.
In addition, the right to freely access to information on any media is backuped by the Article 19 of Universal Declaration of Human Rights, which was introduced the 10 December 1948, 73 years ago.
Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.
GDPR applies to the world
I have already answered on basics, but let’s dive in in more recent threads.
Free trade agreements. Ratified between nations, they have a higher priority than constitution when they are synallagmatically signed. Individuals, companies and states can mutually sue themselves. You have to think globally.
2017 - Facebook condemned to 1.2 millions € (datalist and usages)
2020 - Ireland - Twitter condemned to 450 K (private tweets being public)
2020 - France - Google condemned to 100 millions € (cookies)
2021 - Italy - Google condemned to 100 millions € (ASO / dominant position)
A website listing 251 GDPR fines accross the world :
List of fines | GDPR Fines - INPLP
Please note that most of GDPR fines are not publicy disclosed when a private agreement is found. These few example are only publicy disclosed when the company choose to confront regulation authorities (not the best move IMHO).
Tim Cook, CEO of Apple, on GDPR applying to the world
On February 3rd 2021, Tim Cook recorded an historical message about the GDPR compliance at a worldwide scale.
Proving cynics and doomsayers wrong, the GDPR has provided an important foundation for privacy rights around the world, and its implementation and enforcement must continue.
But we can’t stop there. We must do more. And we already seeing hopeful steps forward, including a successful ballot initiative strengthening consumer protection right here in California. Together, we must send a universal humanistic response to those who claim a right to users’ private information about what should not and will not be tolerated.
As I said in Brussels two years ago, it is certainly time not only for a comprehensive privacy law here in United States, but also for worldwide laws, and new international agreements that enshrine the principles of data minimization, user knowledge, user access, and data security accross the globe.
We’ve set new industry standards for data minimization, user-control, and on-device processing for everything, from location data to your contacts and photos
And last but not least, we are deploying powerful new requirements to advance user privacy throughout the Appstore ecosystem. The first is a simple but revolutionnary idea that we call the Privacy Nutrition Label. Every App, including our own, must share their data collection and privacy practices. Information that App Store presents in a way every user can understand and act on. The second is called App tracking transparency. At its foundation, ATT is about returning control to users, about giving them a say over how their data is handled. Users have ask this feature for a long time. We have worked closely with developers to give them the time and resources to implement it. And we are passionate about it because we think it has great potential to make things better for everybody because ATT responds to a very real issue.
Technology does not need vast troves of personal data stitched together accross dozen of websites and apps in order to succeed. Advertising existed and thrived for decades without it. We are here today because the path of least resistance is rarely the path of wisdom. If a business is built on misleading users to data exploitation, on choices that are no choices at all, then it does not deserve our praise. It deserves reform.
Call us naive. But we still believe that technology made by people, for the people, and with people’s wellbeing in mind is too valuable a tool to abandon. We still believe that the best measure of technology is the lives it improves. We are not perfect. We will make mistakes. That’s what makes us human. But our commitment to you, now and always, is that we will keep faith with the values that have inspired our products from the very beginning, because what we share with the world is nothing without the trust our users have in it.
To all of you who have joined us today, please keep pushing us all forward, keep setting high standards that put privacy first, and take new and necessary steps to reform what is broken. We’ve made progress together, and we must make more, because the time is always right to be bold and brave in service of a world where, as Giovanni Bittarelli put it, technology serves people, and not the other way around.