lbryio / lbry-desktop

A browser and wallet for LBRY, the decentralized, user-controlled content marketplace.
https://lbry.tech
MIT License
3.56k stars 414 forks

Obtain tracking consent for EU users before tracking #3610

Closed finer9 closed 4 years ago

finer9 commented 4 years ago

RE: GDPR - apparently the FTC enforces this in the US. We need a pop of some sort before connecting to segment and GA

https://twitter.com/ArcVRArthur/status/1223800412320534533?s=20

Tom edit: Recently we've received some feedback that users should be able to opt-out of analytics before signing into the app.

We may need to break down GA vs internal analytics (+SDK analytics) into separate settings. A user may not want data sent to GA, but still be okay with sending to LBRY for rewards.

kauffj commented 4 years ago

Can you substantiate that the FTC enforces this on behalf of the EU? I am not generally interested in being bound by the laws of countries I do not live in and LBRY does not have a business presence in.

kauffj commented 4 years ago

(I understand and agree with making changes around the state of analytics. I simply disagree with doing it on the basis of EU law rather than what is right for users.)

arthurrasmusson commented 4 years ago

> Can you substantiate that the FTC enforces this on behalf of the EU?

Great question @kauffj. That was my reaction as well. Upon further reading I have uncovered the following information. Here you go:

The extraterritorial enforcement of GDPR: The Extraterritorial Reach of GDPR to United States Businesses: https://www.clarip.com/data-privacy/gdpr-united-states/

The extraterritorial enforcement of GDPR via the US-EU Privacy shield framework: US-EU PRIVACY SHIELD FRAMEWORK: https://www.privacyshield.gov/EU-US-Framework

Here is a statement by the US FTC affirming its commitment to the US-EU Privacy Shield: United States of America FEDERAL TRADE COMMISSION WASHINGTON, DC 20580: https://www.privacyshield.gov/servlet/servlet.FileDownload?file=015t00000004q0v _The United States Federal Trade Commission (“FTC”) appreciates the opportunity to describe its enforcement of the new EU-U.S. Privacy Shield Framework (the “Privacy Shield Framework” or “Framework”). We believe the Framework will play a critical role in facilitating privacy-protective commercial transactions in an increasingly interconnected world. It will enable businesses to conduct important operations in the global economy, while at the same time ensuring that EU consumers retain important privacy protections. The FTC has long committed to protecting privacy across borders and will make enforcement of the new Framework a high priority. Below, we explain the FTC’s history of strong privacy enforcement generally, including our enforcement of the original Safe Harbor program, as well as the FTC’s approach to enforcement of the new Framework. The FTC first publicly expressed its commitment to enforce the Safe Harbor program in

  1. At that time, then-FTC Chairman Robert Pitofsky sent the European Commission a letter outlining the FTC’s pledge to vigorously enforce the Safe Harbor Privacy Principles. The FTC has continued to uphold this commitment through nearly 40 enforcement actions, numerous additional investigations, and cooperation with individual European data protection authorities (“EU DPAs”) on matters of mutual interest. After the European Commission raised concerns in November 2013 about the administration and enforcement of the Safe Harbor program, we and the U.S. Department of Commerce began consultations with officials from the European Commission to explore ways to strengthen it. While those consultations were proceeding, on October 6, 2015, the European Court of Justice issued a decision in the Schrems case that, among other things, invalidated the European Commission’s decision on the adequacy of the Safe Harbor program. Following the decision, we continued to work closely with the Department of Commerce and the European Commission in an effort to strengthen the privacy protections provided to EU individuals. The Privacy Shield Framework is a result of these ongoing consultations. As was the case with the Safe Harbor program, the FTC hereby commits to vigorous enforcement of the new Framework. This letter memorializes that commitment. Notably, we affirm our commitment in four key areas: (1) referral prioritization and investigations; (2) addressing false or deceptive Privacy Shield membership claims; (3) continued order monitoring; and (4) enhanced engagement and enforcement cooperation with EU DPAs. We provide below detailed information about each of these commitments and relevant background about the FTC’s role in protecting consumer privacy and enforcing Safe Harbor, as well as the broader privacy landscape in the United States._

An overview of the US-EU Privacy Shield agreement: An Overview of the U.S. Privacy and Security Landscape: https://www.privacyshield.gov/servlet/servlet.FileDownload?file=015t00000004q10

It would be good if you would obtain user consent PRIOR to subjecting users to tracking via the use of segment.io and google analytics tracking APIs before someone files a GDPR breach complaint to the EU privacy commissioner.

lyoshenka commented 4 years ago

We're switching to opt-in tracking for everyone in #3707.