tomeric

@wemmick: As I've said, I've been working on GDPR compliance myself for the past month, and it was a lot of work (more than I expected), so I also understand that this must be very frustrating and cost a lot of developer time that could be spend on improving the site in different ways. I know it feels unfair and I know a lot of people will agree with you when you say that ads require cookies and GiantBomb requires ads to pay the bills, but the law is pretty strict to when you're allowed to use my (and other European's) data without asking explicit information and serving ads is not one of the reasons. Article 6 of the GDPR (Lawfulness of processing) gives you the 6 legal reasons to collect personal data:

1. When you have explicit consent (opt-in)
2. When you need to use my data to fulfil a contract I have with you
3. When there is a legal obligation to collect my data
4. When my life, or that of someone else is at stake
5. When my data is needed for a task carried out in the public interest
6. When my data is needed for a legitimate interest; which is pretty limited. You can for instance collect some information to prevent fraud.

Even if the language of the privacy policy is/was standard, the GDPR actually wants people to read those policies, so they need to be easy to read and not full of legalese.

I understand that everything takes time, and I hope GiantBomb will manage to be GDPR compliant in the future.

I don't usually post on GiantBomb, even though I've been a premium subscriber for several years, but as we've been working on GDPR compliance for a couple of months, and as a European, I'm a little bit disappointed in your implementation.

1. You're required to get explicit permission to use cookies. This means that all the ad services that are now checked by default should be unchecked by default and I have to give you explicit permission to share my information with those parties.
2. Most of the cookies described in the "Necessary Cookies" section are not necessary at all and are sharing personally identifiable information (like my IP-address) with 3rd parties without permission.
3. It must be possible to use the website without agreeing with your cookie notice and continued usage of the site does not count as explicit permission.
4. The privacy policy must be concise and transparent. It is neither right now. I can't see how my personal information is being used at all and I also don't know how long you will keep my data in your system (just a vague "time period reasonably necessary").

I know you probably have to follow CBS in this and have little say in the matter, and I also understand that I must come across as an entitled European jerk, but I did expect better from you guys :(.