Content deleted Content added
unexplained change of spelling |
|||
Line 291:
In November 2021, Irish Council for Civil Liberties lodged a formal complaint of the Commission that it is in breach of its obligation under EU Law to carefully monitor how Ireland applies the GDPR.<ref name=":10">{{Cite web |last=Ryan |first=Johnny |date=2023-01-31 |title=Europe-wide overhaul of GDPR monitoring triggered by ICCL |url=https://www.iccl.ie/digital-data/europe-wide-overhaul-of-gdpr-monitoring-triggered-by-iccl/ |access-date=2023-04-08 |website=Irish Council for Civil Liberties |language=en-GB |archive-date=6 April 2023 |archive-url=https://web.archive.org/web/20230406075809/https://www.iccl.ie/digital-data/europe-wide-overhaul-of-gdpr-monitoring-triggered-by-iccl/ |url-status=live }}</ref> Until January 2023, the Commission published a new commitment based on the complaint of ICCL.<ref name=":10" />
While companies are now subject to legal obligations, there are still various inconsistencies in the practical and technical implementation of GDPR.<ref>{{Cite book|last1=Alizadeh|first1=Fatemeh|last2=Jakobi|first2=Timo|last3=Boldt|first3=Jens|last4=Stevens|first4=Gunnar|title=Proceedings of Mensch und Computer 2019 |chapter=GDPR-Reality Check on the Right to Access Data |date=2019|pages=811–814|___location=New York|publisher=ACM Press|doi=10.1145/3340764.3344913|isbn=978-1-4503-7198-8|s2cid=202159324}}</ref> As an example, according to the GDPR's right to access, the companies are obliged to provide data subjects with the data they gather about them. However, in a study on loyalty cards in Germany, companies did not provide the data subjects with the exact information of the purchased articles.<ref name=":7">{{Cite journal|last1=Alizadeh|first1=Fatemeh|last2=Jakobi|first2=Timo|last3=Boden|first3=Alexander|last4=Stevens|first4=Gunnar|last5=Boldt|first5=Jens|date=2020|title=GDPR Reality Check–Claiming and Investigating Personally Identifiable Data from Companies|url=https://eusec20.cs.uchicago.edu/eusec20-Alizadeh.pdf|journal=EuroUSEC|access-date=17 June 2020|archive-date=17 June 2020|archive-url=https://web.archive.org/web/20200617145507/https://eusec20.cs.uchicago.edu/eusec20-Alizadeh.pdf|url-status=live}}</ref> One might argue that such companies do not collect the information of the purchased articles, which does not conform with their business models. Therefore, data subjects tend to see that as a GDPR violation. As a result, studies have suggested for a better control through authorities<ref>{{Cite journal |last=Smirnova |first=Yelena |last2=Travieso-Morales |first2=Victoriano |date=2024-04-04 |title=Understanding challenges of GDPR implementation in business enterprises: a systematic literature review |url=https://www.emerald.com/insight/content/doi/10.1108/IJLMA-08-2023-0170/full/html |journal=International Journal of Law and Management |language=en |volume=66 |issue=3 |pages=326–344 |doi=10.1108/IJLMA-08-2023-0170 |issn=1754-243X}}</ref>.<ref name=":7" />
According to the GDPR, end-users' [[consent]] should be valid, freely given, specific, informed and active.<ref name=":8">{{Cite book|last1=Human|first1=Soheil|last2=Cech|first2=Florian|title=Human Centred Intelligent Systems |chapter=A Human-Centric Perspective on Digital Consenting: The Case of GAFAM |date=2021|editor-last=Zimmermann|editor-first=Alfred|editor2-last=Howlett|editor2-first=Robert J.|editor3-last=Jain|editor3-first=Lakhmi C.|series=Smart Innovation, Systems and Technologies|volume=189|language=en|___location=Singapore|publisher=Springer|pages=139–159|doi=10.1007/978-981-15-5784-2_12|isbn=978-981-15-5784-2|s2cid=214699040|chapter-url=https://epub.wu.ac.at/7523/1/HCIS2020_A%20Human-centric%20Perspective%20on%20Digital%20Consenting_The%20Case%20of%20GAFAM_Soheil%20Human_Florian%20Cech.pdf|access-date=23 August 2020|archive-date=14 April 2021|archive-url=https://web.archive.org/web/20210414233129/https://epub.wu.ac.at/7523/1/HCIS2020_A%20Human-centric%20Perspective%20on%20Digital%20Consenting_The%20Case%20of%20GAFAM_Soheil%20Human_Florian%20Cech.pdf|url-status=live}}</ref> However, the lack of enforceability regarding obtaining lawful consents has been a challenge. As an example, a 2020 study, showed that the [[Big Tech]], i.e. [[Google]], [[Amazon (company)|Amazon]], [[Facebook]], [[Apple Inc.|Apple]], and [[Microsoft]] (GAFAM), use [[dark pattern]]s in their consent obtaining mechanisms, which raises doubts regarding the lawfulness of the acquired consent.<ref name=":8" />
| |||