I actually went through it. Requested all the information they had on me. Had them delete most of it and set clear limits on what they could or could not. But true if you blindly click 'approve all', then sure.

But then that's based on consent. And that consent can now be revoked.

Anyway even though GDPR was an excellent decision, that doesn't make this decision good. They're very seperate from each other.

E-Commerce. How old are the people who wrote this law.

In some cases I changed their permissions. I often only accept as few cookies as possible when I visit websites. A lot of companies have information in cases where I have not given my consent for specific conditions and I have not agreed on any privacy agreements with them so they have to follow the basic rules. And, perhaps you noted, if I get tired of Google, DropBox, iCloud or whatever, it is a lot easier for me to download all my data at once and find another service. It is easier to get personal information deleted. It is easier for me to ask Facebook to tell me what information they hold on me, for what purpose and why it is legal for the to do se. In cases they have security breaches, they might have to pay fines, they have to notify me under certain conditions and so on. Most of it is rather good.

As you point out even if you had given consent there are other conditions that are important and make it less likely your data is used for bad purposes. And GDPR is about so much more than Google. It seems we agree.

Well, revoking consent might not help much:



source

This is a very important article that I read with great interest when it was new. As I see it this is rather a case of Google confusing their users than Google collecting these data without any user consent. I had gone through all the privacy settings and thus I had also made sure they did not track me when I used services in which it seems less likely you will be tracked. If there was absolutely no user consent anywhere they could point to, and if their processing was not legal based on other parts of GDPR, they would be in even deeper trouble. The GDPR also set certain conditions as to how consent can be obtained and I think quite many companies will be challenged by these conditions in the future. It is a story like this that we are less likely to see perhaps not on the short run but on the longer run thanks to the GDPR.

Hey One Bad Pig, its funny you should talk about that, because we actually used the part of Android that is responsible for that this. I was working on it with two interns who I was guiding through making an app, and they didn't know why the location was turning out 'null' until they had used the map on the emulator.

Its called the FusedLocationService. Basically while the phone is running, every time the user location is requested form the Google GMS, it'll be cashed on the phone. This is is kinda great because it saves Developers the effort of reinventing that wheel multiple times. The FusedLocationService is also smart and integrates motion sensors, and wifi trackers, all sorts of location services, to provide us with just two simple coordinates (and some information about whether the user is moving or not).

All the statistical information about the users location is located entirely on the phone. It might still be Google's responsibility, though that number is not broadcast directly from the phone. We get into the issue about whether Google or you count as the "data processor" in that case. I think it should still be Google's responsibility... however, mind you, the data is only available if you'd allowed an app to gain access to your location, otherwise its not available to the app.

The process that does all of this works runs as a separate user on the phone, and each app on the phone runs as under its own user profile which has to ask permission to gain access to that. This permission is revokable from settings on the phone.

The internet is its own crazy microcosm.