alt Hacker NewsI told them forced consent was unlawful. 5 years later it cost Elkjop €1.8M
Comments
Actual decision (Norwegian): https://www.datatilsynet.no/contentassets/c8d0551d2a64403285...
Machine translation of overview & 5.1 which is what the blog post is about (covers some other things as well): https://chatgpt.com/share/6a34732c-0fa4-83e8-aae1-95c25dd117...
[EDIT] Oh, there was actually official English decision available as well: https://www.datatilsynet.no/contentassets/59addbef9c1b48a28f...
> The reply I received a few days later did me the favour of putting the violation on the record. Their position, in their own words, was that "in order to receive marketing / offers, it is a condition to be a member of the customer club." That one sentence is the whole case. They had taken a right I am entitled to exercise for free and turned it into the price of admission.
I don’t understand… it would be one thing if it said “receiving marketing/offers is a condition of being a member of the customer club” but that’s not what is being stated above… rather that being a member of the club is required to receive marketing — perhaps something has been misworded or lost in translation?
It's always satisfying when customer rights stories have a known positive outcome. The timeline is unfortunately quite slow and bureocractic but I'm glad OP managed to find out about it.
The image isn't loading for me, all I see is the prompt used to generate it - which is genuinely preferable.
Datatilsynet, the Norwegian DPA, from my experience, consistently has the user in mind. It (sadly) takes a long time for things to pass through the system, but they consistently come to good decisions.
This is extremely cool reading! I'm impressed that they actually fined Elkjøp (as they should!) but very surprised that they didn't keep you informed!
Thank you for sharing!
This fills my heart with joy. If only ICO in the UK would do the same.
Love to see this, and love our privacy and data handling laws!
Good to know that this is illegal. One of my email providers also does this, maybe I’ll also have to try reporting them and see what happens.
Excellent outcome. I wish we had these rights in the USA! Too bad justice took 5 years though.
> the only way to stop the marketing was to cancel my membership of the club altogether
I have experienced this same thing with at least one other big company in Norway.
I could opt out of either SMS or e-mail, but not both, or I would not be able to keep the membership.
Unfortunately, I never made a note of which one that was exactly so I can’t name them and shame them on the spot.
Despite half-hearted attempts at stopping marketing emails now and then by individually logging in and opting out, or clicking unsubscribe links embedded in the email, my email continues to be flooded with marketing both from domestic and foreign companies that I’ve done business with. There is so many companies that even going through a handful of them at a time and unsubscribing there is a seemingly endless amount of companies that remain to unsubscribe from.
It is great to see that someone fights back, and that it is resulting in fines.
I’m imagining an agentic solution in everyone’s inbox that automates GDPR fines and updates
Lol. Brookfield Place wifi had an OPT IN for their wifi to receive marketing.
If you unclicked it, the 'connect to wifi' button greyed out and a notification appears saying that Opt In is required for wifi.
Hahaha, the sticker looks really funny, but I like it.
GDPR is a godsend.
[dead]
I'm so glad the GDPR never took hold in the US. Little Karens getting companies fined millions of dollars over what amounts to nothing.
You can always not use their service. Plenty of alternatives out there.
I wonder if anyone who are cheering this fine, actually read and tried to implement GDPR. It is a nightmare to be fully compliant for small companies.
It is mostly just a theater (like endless cookie consent dialogs in anonymous browsing), to employ more experts and bureaucrats.
EU is now pushing privacy laws that severely undermine privacy.
If I did business in the EU, I would be banning this chap from my services on the basis that the risk he poses to the business is too great...
It's an interesting story, but I could not help but have my mind skip over it because of the LLMisms. Acts like one of those taboola reels to me. If even just there was a tutorial to get people to write in such a way that it's not obviously LLM text it would be nice because the story is interesting.
I know, it's like complaining about JS etc. but it's like walking into an elevator and smelling very strong perfume. It's hard not to go "whew!"
I'm glad it all worked out for this individual. I hope more people live their lives like this as the dystopia progresses.
Unfortunately, especially in the US, exercising your rights, or even just reading every paper you're expected to put your name to, not only constantly pisses people off for some reason, but also puts you at a significant disadvantage compared to the people that never push back in the interest of not making waves, or even because "whatever it's fine."