Not honoring Do Not Track (DNT) is a violation. If you receive a DNT signal, you must turn off all tracking. Furthermore, as the person has made their choice explicit and clear, you must not ask them again (via popovers, modals, etc.)

How do we get this enforced. The first part seems like it is already covered by GDPR. Would the second half we enforceable under the current framework?


@aral unless somebody goes to court over this, I don't expect this to work, sadly.

Make a complaint to your country's equivalent of the Information Commissioner:

Multiple compaints in multiple EU states wouldn't be a bad thing.

@aral Big ass motherfucking lawsuits.

Website/publisher gets hit by a million-euro-per-user class and they'll "consider alternative site dynamics reflecting consumer preferences".


Yep. Still waiting for these. Don’t see them happening though. I kept hearing about the money-blood sniffing gdpr lawyer sharks, but so far no sign of them.

Maybe there are big cases in the works for the tech giants, but what we need is some targeted cases on media/publishing. Oath and it’s slough of crap would be a good start.

@aral It could be a good default setting to honor. Not sure how deep this DNT enforcing should go.

@Aral Balkan This would be a great thing, do you have any source for this?

@aral the EU DPA should make available an open endpoint that can be called to dump whatever breach automatically if a DNT request is not honored or has the issues you explained

This is supposed to be covered by the #ePrivacy bill that is supposed to be ratified next year. Unless lobbying of EU parliament members succeeds and it is watered down to nothing again, but how likely is that ....

I could honestly care less about GDPR. I disagree with folks abusing the Do Not Call/Do Not Track list, but I'm more concerned about foreign governments telling me how I can run my own websites. :)

@shawneric Hallelujah bro, nuke’em commie bastards in their commie’pean asses, amirite? Amurika fuck yeah! U-S-A! U-S-A!

Lol wtf? Bombs aren't needed when I have my middle finger ;)

@aral The first problem is probably to be aware it even happens. While developing / debugging Better Blocker you see it happening. But as an end user I'm mostly unaware there is even a violation on a particular site. If it weren't too much of a hassle I might report it, I did this for years with SPAM.

@aral Using the DNT header is a great idea!

One approach: Set this header, then access any websites. Don't click any 'agree' nonsense. Then prove that they tracked you, probably by making a data protection access request to see all data they have on you.

Then report that to your local Data Protection Authority, and try to get them to make a precedent. I think (due to the #GDPR), non-gov orgs can sue companies, rather than needing a DPA (cf. noyb)

@aral I'd assume you would need to contact the hosting country's equivalent of the Information Commisioner/Communications and Media Authority/etc (the government department that deals with the Internet, basically).

It probably wouldn't hurt to also contact your government's equivalent department.

(I have one website I need to report - it not only doesn't honour DNT, its functionality actually breaks completely if you have DNT settings on.)



You report the offending website, possibly giving evidence, to *your country's* Supervising Authority.

Also, you can contact the site's DPO or privacy contact asking for a copy of any and all information regarding you they may have collected during your navigation, and warn them as per GDPR they cannot destroy it since you are going to provide it as evidence to your Supervising Authority

Sign in to participate in the conversation
Aral’s Mastodon

This is my personal Mastodon.