So the solution here would be a fine that is also affecting the developer. Knowingly aiding in breaking a law is usually frowned upon. “I did what they said because they won’t pay me otherwise” usually doesn’t fly.
I understand it’s hard to say no but it would perhaps be easier to say “we’ll build that but it’ll cost you 5x more because we would be taking a legal risk”.
Making the option to follow the regulation cheaper has to be the goal.
> So the solution here would be a fine that is also affecting the developer.
No, the solution is jail time for the founders and board members of these companies. Along with extremely harsh and vindictive confiscation of their assets.
And generous incentives for developers (such as the GP commenter) to snitch on these people for asking them to be knowingly complicit in their immoral activities.
It’d be quite the three ring circus to see France attempt to arrest Mark Zuckerberg or Larry Page. I’m 100% sure the US would flat out refuse to extradite such people, they might as well try to arrest John Roberts.
Doesn't matter that much if the US doesn't extradite them (of course they won't, like France doesn't Polanski), they still have to avoid every EU member and country close to France, which can be pretty limiting.
Weird that the people who actually produce these things get let off the hook though, right? So you build it and don't get in trouble, just that mean ol' CEO.
Nothing to do with "mean". There's no need to emotionalize.
It's about focusing on people with (1) the most leverage over the decision-making process and (2) perfect visibility into the consequences (legal and otherwise) of their actions.
That is -- when you're dealing with the mob, you don't go after the delivery boy. You go after the foot soldiers and kingpins.
I would argue that when it comes to developing software, usually the one with the most leverage is the worker who develops it. If she says no, then it doesn't get developed. Maybe in team environments it's a bit trickier when you're looking at a feature as a whole, but each individual has full leverage over the code they produce. That they don't have leverage over the decision-making process seems like a cop out.
The mean ol' CEO has several orders of magnitude more resources in his control than the person that builds it, hence must be considered responsible to a greater degree.
I can agree that he needs to be punished to a greater extent due to his broad responsibility. But nothing at all for the ones who actually performed the work to build these illegal sites?
I think that just leaves everyone with an incentive to keep it quiet. A monetary reward for the reporting dev and a fine for the person authorizing the build puts incentives in the right place, IMO.
I was waiting for someone to make this point; it's funny how in other engineering disciplines there are clear repercussions for designing something that breaks the law, but software engineers are somehow exempt.
"The client didn't want to pay for a GFI so it's not my fault he got electrocuted ¯\_(ツ)_/¯"
> Knowingly aiding in breaking a law is usually frowned upon. "I did what they said because they won't pay me otherwise" usually doesn't fly.
Modern weapons require cutting edge engineering. Going after web devs but leaving alone engineers who created literal death machines would be an interesting position.
Now, engineers could decide to make software engineering a real discipline by getting a regulatory body with and start enforcing the title properly (but this is widely unpopular and as far as I know, not done anywhere).
I’m talking about going after developers in the sense of “subcontractors”, not humans.
Also, weapons manufacturing isn’t illegal; I can’t see how there could be a case for going after anyone for it. We don’t have a morality and ethics police (at least not in most western countries).
Yes but prior to that you need to make software developers "professionals" with licensing and an ethics board. Without the ability to say, "I won't build this, and you can't replace me with someone who will" putting the onus on individual devs is pointless.
That quickly turns into, the rich guy who will profit from the lawbreaking needs a scapegoat. Always more dignified to tell important people they're out of line by punishing their serfs, don't you know.
The developer (contractor) can be at least as big and wealthy as the buying company.
I don’t mean developer as in an individual contributor, I mean an implementor, often contractor, which will normally be a company too.
Right now it’s too easy to cut out a niche of selling snake oil services like “automatic cookie banners” with dark patterns and batteries included. Meanwhile companies are fooled by these companies into thinking that if they just pay the $ for their “compliance solution” they are done. Here is where I’d like to see the sellers of the snake oil take part of the responsibility and not just the buyers.
What if it's a small company, perhaps even a single person company? Punishing them would have a disproportionally greater negative effect on their livelihood than it would for the people in charge of the company ordering the illegal thing to be built.
You mean, a company in the business of selling cookie banners that are deliberately in violation of regulations, should be spared because its owner needs to eat? I can't see why anyone would have that sympathy.
I'm arguing against going after small business contractors implementing stuff that is deliberately in violation of regulations and instead going after the large business that is ordering such an implementation.
The products work like so: you can buy them and not put the switches in the dark pattern mode (Not called that). Or you can flick on the switches and make the experience of rejecting 3rd party cookies annoying and unlikely. Called "optimizing visitor experience mode" or similar. And companies that buy them obviously want to do that.
Are they aware that this is when they stop complying, to the point that they could just as well have ignored buying the banner service and just shoved cookies on people quietly like they did before? Perhaps. It's possible that lawsuits could work here too. I'm (like you) guessing there is some fine print saying that you absolutely cannot use the switch that makes the "reject" button disappear under the mouse and have a delay of 60 seconds. And if you do then you are responsible yourself.
Breaking EU directives isn’t merely morally questionable. This is as close to law as we’ll see on EU level. States implement laws to enforce directives.
Nitpick: you can't break an EU directive. Directives are frameworks of laws that the states have to implement. Here it's the French implementation of the EU directive that was violated.
Maybe imprisonment would be better. Just a few years to teach the lesson. I mean this developer knowingly aided in getting users to see more targeted ads!
It’s not a petty crime to trade in people’s private information. Prison sounds a bit harsh though. Especially for the cookie banner end of the spectrum. I’d save that for execs of companies that actually make money in the actual trade of PII.
There will be room in prisons when they let people out who used <blink> tags 20 years ago…
> Prison sounds a bit harsh though. Especially for the cookie banner end of the spectrum.
The developer knew what s/he was doing. We're not talking jaywalking here--this person (!!) made it slightly more difficult to make a choice that most users don't understand or care about anyway! And the result is more targeted advertising! How can you stand idly by?
Tell that to the numerous people who see an ad for something actually relevant to them instead of something only vaguely relevant to the site's primary audience.
Imagine your own mother being subjected to this kind of thing. Wouldn't you want jail time for the perpetrator? Would you stop there?
> Tell that to the numerous people who see an ad for something actually relevant to them instead of something only vaguely relevant to the site's primary audience.
You're not being subjected to some kind of torture; in fact, you are responsible for sending the HTTP request and executing it on your computer.
There's nothing "authoritarian" about imposing criminal penalties on those responsible for not just violations -- but as in this case, egregious, massive and intentional violations of consumer protection regulations. It's just how a civil society works.
I was being sarcastic, but yes, I do think these threads tend to encourage a groupthink mentality.
The vast majority of users like free websites and do not feel like targeted advertising is a serious problem. This was true before GDPR and these silly cookie warnings, and it continues to be true. Likewise, implementing a cookie dialog that requires more clicks to opt out completely is not so morally questionable as to justify the discussion I had responded to.
I think the solution would be to make software development be more like engineering. Have a licensing body that includes an ethical code of conduct, and breaking it will result in fines or having your license revoked.