Can someone who understands GDPR better than me explain how this works in light of the policy that you can't degrade functionality to force tracking consent?
If I remember right they also adjusted the ToS differently in different parts of the world - presumably they are not going for consent base in EU, so any such argument wouldn't apply anyways.
(EDIT: edited for clarity of the argument being made)
The GDPR is (as that R hints) a Regulation, and so yes it directly binds EU member states, however it is the successor to a Directive, which is EU legislation that works by telling member states to all write their own local legislation to achieve some general goal in their own way.
The UK transcribed the Regulations into its own law when leaving, because that allows to delay the tedious work of figuring out which rules, if any, should be modified, or eliminated for the UK itself going forward, something that in principle the elected politicians would obviously want a say in but there's always something more important.
The UK had anyway had similar rules prior to even the Directive, in the form of the Data Protection Act. More modern rules change some of the details, but the general thrust has been consistent, you should not have data about people that you don't need, and unless you have some compelling reason not to ask (e.g. detectives obviously won't be telling somebody they're collecting evidence that they sell stolen goods) you must ask permission before you store data about people in the first place, and people have a right to ensure your data about them is correct, which necessarily means they have a right to know what that data is.
The first Act cares too much about exactly how you store data, so that a filing cabinet full of information about people ends up not captured, while an Excel spreadsheet is. In current legislation (and the GDPR) you can't get away that easily. If you write all those records by hand, then shove the piles of paper unsorted, into an old shoebox and put it in a broom closet, then they're not subject to the rules, but they're also now pretty useless to you. The moment you arrange to make them easily accessible so that your business could benefit from having these records at all, they get captured by the rules.
Data protection agencies don't get to interpret the GDPR, courts do.
The GDPR does not contain any clause that someone has to provide a service for free without any kind of tracking. That would basically eliminate Facebook and Google as valid business models. There was such a stipulation in discussion for the e-privacy directive but it was legally half-baked and IIRC it is out of discussion by now.
I'm pretty sure it does - or maybe it's the e-privacy directive or something else, they all get called GDPR. But you have to make clicking no obvious, easy, and not degrade functionality.
Please provide a source for such a statement. Even the e-privacy directive has changed a lot lately. Your interpretation would render many business models illegal (e.g., Facebook, google).
Does GDPR prevent you from incentivizing/strong-arming/etc your users? I haven't heard anything about it if so (but I'm not particularly fluent in it). Obviously (hopefully?) it'll be bad to trick them into approving, but do this or GTFO seems fine, I'd be surprised if it somehow required companies to keep user accounts, or require identical features in-GDPR and out.
