Randy Bush wrote on 03/05/2019 00:31:
i am curious what technical and management decision processes which allowed this to happen. something broke.
unless the ripe ncc has a hitherto unknown evil conspiratorial agenda, I'd assume this happened for the usual reasons: third party trackers allow incredibly detailed and useful telemetry information to be collected about the performance and usage characteristics of a web site, which provides invaluable feedback to the dev and mgmt team, and without which it would be really hard for them to do their jobs. The downside is that all externally-hosted trackers do exactly that: they track, and then correlate individual usage profiles across different web sites to build up profile information about individual users. And they provide no easy way of removing this information from their DBs, nor do they provide a consistent way of declining to contribute to this data pool. In relation to the GDPR, the CJEU is in the process of trying to figure out where the privacy responsibilities lie in Case C‑40/17 - Fashion ID vs Verbraucherzentrale NRW. Advocate General Bobek has made a non-binding suggestion to the court that this responsibility be shared between the web site and the third party tracker site, but no formal ruling has been made so far; nor is it clear what the practical implications would be for either party. It would be interesting to see what the consequences would be of requesting GDPR requests in the context of this judgement. How would the RIPE NCC handle a request from Jo Bloggs who wanted all her tracking data deleted and who wanted to opt out in future? How would the tracker IDs be identified in a way which was comprehensible to the average user? Did she provide informed consent in the first place, or does a footer notification at the bottom of the site constitute informed consent that she was ok about being tracked from the RIPE NCC to her favourite political web site, then to a civil rights site, then to an online store, then to a religious advocacy site before settling on her favourite online news sources? - at which point the tracker operator has gleaned more information about her than she probably knew herself. The RIPE NCC can't fix this issue, but it would be a good starting point to note that the use of trackers raises deeply uncomfortable questions about online privacy, with no clear answers. Nick