Not honoring Do Not Track (DNT) is a #GDPR violation. If you receive a DNT signal, you must turn off all tracking. Furthermore, as the person has made their choice explicit and clear, you must not ask them again (via popovers, modals, etc.)

How do we get this enforced. The first part seems like it is already covered by GDPR. Would the second half we enforceable under the current framework?



@aral Using the DNT header is a great idea!

One approach: Set this header, then access any websites. Don't click any 'agree' nonsense. Then prove that they tracked you, probably by making a data protection access request to see all data they have on you.

Then report that to your local Data Protection Authority, and try to get them to make a precedent. I think (due to the ), non-gov orgs can sue companies, rather than needing a DPA (cf. noyb)

Sign in to participate in the conversation

Moytura. Destroy the old gods.