Conversation

Notices

1. Embed this notice
   Neil Brown (neil@mastodon.neilzone.co.uk)'s status on Friday, 28-Apr-2023 16:15:29 JST Neil Brown

   Has anyone asked 1Password how it intends to comply with EU/UK law, forbidding it from accessing information (anonymised or not) stored on a user's device, for a purpose which is not strictly necessary for the provision of the service, without the user's consent? (Art 5(3) https://www.legislation.gov.uk/eudr/2002/58/article/5)

   Is 1Password claiming that this is "strictly necessary", such that it doesn't need consent?

   "We’re Changing How We Discover and Prioritize Improvements | 1Password"
   https://blog.1password.com/privacy-preserving-app-telemetry/

   #ePrivacy

   • Embed this notice
     Neil Brown (neil@mastodon.neilzone.co.uk)'s status on Friday, 28-Apr-2023 16:15:26 JST Neil Brown

     in reply to

     FWIW, I think that Debian's "popularity contest" banner is a good example of an "active choice" approach to getting consent for anonymous on-device analytics.

     Clear, instructions on how to stop it, no pressure or dark patterns, and equally prominent choices for "yes" and "no" with a default selection of "no" so that if you install by just hitting "enter" repeatedly, you select "no".

   • Embed this notice
     Neil Brown (neil@mastodon.neilzone.co.uk)'s status on Friday, 28-Apr-2023 16:15:27 JST Neil Brown

     in reply to

     The key bit, from an EU/UK ePrivacy point of view, is this bit:

     > we’ll also provide guidance on how you can opt out if you’d like to

     A chance to opt out is not the same as "consent".

     Consent requires a "yes" (preferably an enthusiastic "yes!"), not the absence of a "no".

     pettter repeated this.