A notable exception would be Robert Jordan and his Wheel of Time series. He prepared notes so someone could finish the work and his widow picked Brandon Sanderson to finish the series. But I think it feels easier to milk it than to be thoughtful with the life’s work of someone, as this requires a lot “would he have liked it” and to know this you would have to start caring early.
There is a fine and impossible to hit line that businesses have their own interest of surviving and should be able to use data. Like making better suggestions or tracking whether certain changes in their homepage work. This is not required for functioning but vital to companies for succeeding and giving you a better product. However, this should only be done on one site at a time, cross-site tracking oe fingerprinting is what sucks and allows data brokers to exist in the first place.
No lawyer can hammer into law, what a site needs to function, as it differs by site and is flexible in what people think is necessary. But your examples are good in that they show how sites go way too far to justify their over-the-top tracking. Maybe there really is an easy way to write it in “legalese”, but I don’t see it yet. But I am fully on your site, the current behaviour and practices are bad and unclear for customers.
That is actually really close to what is present now. The EU never said “use cookie banners” but rather “if you really want to track people, they have to say yes”. And most commercial websites decided to make it hard to say no, now everyone blames the EU for doing so. Your second point is not yet implemented, this would be really good for consumers.
Just a quick note for the Privacy Policy, Data Processing Agreement and Cookie Policy: this EU law (GDPR) and is mandatory for all EU states. So its not specific to Germany.
Laut DSGVO muss eine Einwilligung einer Verarbeitung (sämtliche Arbeit mit Daten) informiert, eindeutig und transparent sein. Wenn Heise sagt “Entweder Geld oder wir machen alles” haben Nutzer:innen keine Möglichkeit zu sehen, in was sie da genau einwilligen. Und können auch nicht nur einzelnen Punkten zustimmen.
This one is great! Made me think way too much
Legitimate interest is a way for the vendors to not need your confirmation. In general, your right to privacy is valued against the vendor’s right to operate. The most often used example is advertisement: in general, vendors are allowed to advertise, as they want to operate and sell their products. But you have a right to your data (e.g. mail adress, home adress, interests…). So courts have to value what is more important. Another example that most people would agree is that clubs want to show what happens in the club, so they publish pictures from their activities (interest of club to show they are active vs personal right to your image). As not every case goes to court, most vendors see their interest as more important and interpret “legitimate” interest rather loosely. So in general, the idea of legitimate interest is compliant with the GDPR, although I believe most sites use it too liberal.