What does GDPR actually do?


Having finished writing my book, I was finally able to resume my good habits, in particular, spending time on a forum. An Internet user asked us if we knew of an extension for WordPress to display a cookie banner. The conversation quickly turned sour.

Abandoned designers

In fact, this Internet user was looking for a free extension, because all the solutions he had found were paid and he had to deploy it on several sites. I told him that I had resolved the issue on one of my sites by putting a text in an insert on the home page.

Thereupon, he told me that I was taking risks and that I risked a big fine. I laughed in his face, especially because he didn’t differentiate between administrative sanctions and civil reparations. But, above all, I made an observation: in France, the CNIL does not give any recommendation for tools to inform Internet users that we have cookies on a site. It is up to the designer to navigate the hundred or so extensions available, all boasting of being fully compliant with the GDPR.

Except: GDPR compliance does not rely solely on a damn “do you accept cookies?” banner. It’s a set of rules and procedures, a mechanic to learn, the banner being there only to complete the decor, if I may say so. You can stick all the ugly banners you want on your sites; if, behind them, you don’t know how your site is built and where the data goes, they are of no use, other than hindering navigation.

Two weights, two measures

In fact, the GDPR annoys me deeply. I like the general philosophy and I respect it on Arcadia, as best I can. Unlike Google and others — because the text was created to annoy them — I do not have the technical and material means, not to mention the financial means, to do everything correctly. This text was written to annoy the big guys who have the means to comply. The little ones inevitably miss out.

As for the real data predators, they are quiet. Take for example real estate agents. Whether you are looking to rent or buy, real estate agents have very sensitive data about you, which we are obliged to provide to them. But we have no guarantee of its security. We don’t know how they manage their files. Having already seen people rummage through trash cans to recover bank statements, tax notices, in short, nominative documents, to create fake ones, I promise you that I regularly break out in a cold sweat.

What can be done about this? Nothing. It’s the iron pot versus the earthen pot. Real estate agencies are all-powerful, thanks to the legislator. Just like the banks, which got me thrown out of Axa, for refusing to provide information on Arcadia’s regular donors. I reminded them that the information must be proportionate. As a result, Axa kicked me out and I lost around €500 in turnover.

The State, first applicant for non-compliance with the GDPR

Beyond these two examples, which are worth what they are worth, the one that least respects the GDPR remains the State. Recently, it was discovered that the CAF was playing with personal data to establish profiles of beneficiaries. We could also talk about Pôle Emploi, which has no shame in passing on too much information to entities totally unknown to beneficiaries.

We are not going to address the issue of various and varied police files or video surveillance. Nor all the texts which are regularly voted on and which provide for even more files. The opinion of the CNIL is never taken into account and even when the latter shows its teeth, everyone laughs.

And while the tax administration has a lot of data about us, we do not understand its inaction in the fight against tax fraud. As citizens, we lose on both counts: we have to hand over personal data, without knowing where it goes, who has access to it or what it will be used for, but our rights are not even respected.

On paper, the GDPR was a great idea. In reality, this only bothers people who really care about the text or who have the means to comply. Because we tend to forget it, but it has become quite a business.

Carpet sellers

Following my skirmish, I spent some time looking for a GDPR compliant plugin for WordPress. I came across a phenomenal number of sales pages for GDPR compliance services. Under the guise of giving advice, they are actually sellers of household appliances.

They all want to encourage you to buy their solutions, their services, their expertise. In itself, this is not bad, but it guarantees absolutely nothing. Except losing money, with the active participation of the State. Making laws that everyone must respect is very good — well, it depends on the day anyway. Giving people the means to respect it is better. However, the user who wants to be GDPR compliant is left in a corner.

Something useful would have been to give the CNIL real power to advise and give it the legal means to formulate recommendations or label turnkey solutions. Piling on the obligations that weigh on small business leaders, without ever supporting them, serves no purpose, other than to disgust them. Just as it disgusts citizens to see that their rights are never respected.

I was one of the people who were quite happy to see the arrival of the GDPR, telling myself that it would change things. In the end, because of its variable-geometry application, it is of no use.


