Hello friend, thanks for stopping by! 👋 This article is still a work in progress. I talked about some of these points (in Swedish) on Kodsnack 466.

When I was 6, one of my favorite games was the rather boringly name Don’t touch the ground. When I later learned the English name, The floor is lava, I was delighted at how the short English name succinctly captured the feeling of excitement, dread and safety in 4 simple words. The floor really was lava in my 7 year old mind, but at the same time I could take risks and make the big jumps since nothing terrible would happen if I slipped up.

When I was 36, GDPR was introduced and after a few month of being absolutley terrified, companies quickly started playing The Floor Is Lava - “Just click here and we’ll take really good care of your personal data wink wink”, “Your integrity is important to us, please accept this tracking cookie as it is essential to the site functioning”. Just like I pretended that the floor was lava, the companies have paid lip service to the notion of privacy as dictated by GDPR.

GDPR doesn’t suck, the companies suck

The companies started plastering their website with dark pattern cookie banners which have become synonymous with GDPR, despite there being no mention of cookie banners in GDPR. This quickly established the trope of “those damned GDPR popups”, placing the blame for the situation on the GDPR legislators rather than the companies engaging in malicous compliance. The companies kept skipping from stone to stone, but the longer time went, the more shortcuts of the lava they took.

However, recently the floor has started to get a bit warmer.

First, an Austrian court deemed Google Analytics illegal, which was quickly followed by a French court. A German court even found that using Google Fonts violates GDPR as it sends an IP adress to Google.

In the background the Yellowstone volcano of IT was looming - Schrems II.

Max Schrems first reaction