Extra disclaimers apply - I work for ADI, but I am not familiar with the details of GDPR, I don't live in the EU so I'm not covered by the GDPR, nor am I a lawyer, nor do I work on/with the web or compliance team.
I did forward your concern to the folks responsible for the web site and GDPR compliance - which I know they take very seriously.
From a personal opinion standpoint - while I'm sure there is some clarification to be made on the description, things like " ... provided you have not opted out of such data processing." could have been written " ... provided you have opted into such data processing." Neither says what the default is (the way I read it), just that there is an option.
The EU web site that you point to (for making a complaint), has options for "opt-in" and "opt-in less" (their words are "Accept All Cookies" or "Accept Only Essential Cookies"); there is no opt-out there either. Who is to say which are "essential"? On their cookie description page https://ec.europa.eu/info/cookies_en (which is actually pretty good, and more detailed than most), they don't say which are essential and what are not.... so still have no idea what I'm agreeing to...
Not saying that the ADI site is compliant or not (I only know that lots of folks worked on it and spent a lot of time on it), also acknowledge there is always room for improvements - which may or may not happen (Again - not on that team) - only that it's hard to communicate some of these things sometimes...
Thanks for taking the time to respond, I really appreciate it.
By the looks of it, the analytics cookies (e.g. SC_ANALYTICS_GLOBAL_COOKIE) are not set when not clicking "Accept and proceed". So my issue is only with the wording. In practice it is already opt in, so the text can and should be changed to opt in.
The wording opt out does say the default is to accept, and you have to explicitly protest to not accept.
(It looks like the wording was already changed?)
Imho, you shouldn't look at it as cookies vs no-cookies. The GDPR is not really about cookies, but about protecting your personal data. You're allowed to set cookies! But if you're processing personal data (such as non-anonymous analytics), you do have to ask permission.
What bothers me the most is the consent modal:
I have to click the small blue text "cookie details" (vs the large green "Accept and proceed"), and then click the gray "Decline cookies" to not have my personal data processed and shared.
Why not give visitors 2 options equally?
- "Please use (and share) my personal data to improve this (and other) sites", and
- "No thanks, I'm just browsing"
If you offer those 2 options (and don't try to hide the "no thanks" behind an extra click and a hidden link), I would seriously reconsider consenting.
As a sidenote: I would be even more likely to consent if it's not the first thing you force on me. Visiting a press release with a fresh session cookie? Or landing directly on a datasheet from a google search? Why even bother with non-anonymous analytics and ask me for consent?
But if I'm clicking through and visiting other pages? Sure, ask to track me. My personal default is to decline, but if you can show mutual benefits I'm way more likely to consent.
As for the comments on the EU website I linked to: I agree. The wording is not clear as to what I'm accepting. As far as I understand:
- "visitor preferences" and "operational cookies" are required
- analytics cookies can be declined (even though they are already anonymous)
- third party cookies are handled separately, when viewing third party content
Following my own advice, I will contact the European Union DPO, and ask them to clarify the consent popup.
This should really be an important addendum to my previous post: the first step is to contact the site's DPO, and only escalate to your nation's data protection agency when this approach fails.
Thank you again rgetz for taking the time to respond, and for raising this issue internally. It looks like the wording of the privacy policy was already changed. I hope the consent popup can also be improved. Your response and the quick update of the privacy policy has greatly improved my opinion of Analog Devices.
Yes - we attempt to push all drivers upstream, but there are many people who want to just try something out, and don't want to compile kernel and userspace from source.
The Kuiper distribution is about convenience for those people who want to be users, not developers.
>The Kuiper Linux support for Xilinx Zynq and MPSoC is telling.
You missed the Intel SoC and Raspberry Pi support too. :)
According to the Annual Report [1] - ADI works with 125,000+ customers. That means diversity in application. The press release was focused on Linux, but there are a lot of other ecosystems that ADI also participates in - from Arduino to Pmod to No-OS to Mbed and more.
Yes - the goal is to always upstream every driver (and we do a pretty good job at that). Depending on the lineage of the software (who developed it, what they developed it for) - it may not be possible to meet the kernel coding guidelines - so we don't send those upstream.
The goal is to always upstream every driver (and we do a pretty good job at that). Depending on the lineage of the software (who developed it, what they developed it for) - it may not be possible to meet the kernel coding guidelines - so we don't send those upstream.
All the Linux kernel drivers found on https://github.com/analogdevicesinc/linux or upstreamed at kernel.org are released under the standard Linux kernel license - GPL 2.0. There is no "only for ADI devices" possible - doing so would be a violation of section 6 of the GPL 2 ("You may not impose any further restrictions on the recipients' exercise of the rights granted herein.")
Yes - ADI would encourage anyone to buy their devices - but no - we don't force it - There are many things that are "ADI devices only", but that's normally userspace or HDL or tools, not kernel.
I see how you read that completely differently than how I meant it. I apologize, and thank you for pointing that out.
I meant to convey that creating a free software tool specifically to support a hardware catalog has precedent, makes business sense, and is useful to customers. Not everything has to conform to the FOSS die-hard ethos to upstream everything.
The goal is to always upstream every driver (and we do a pretty good job at that). Depending on the lineage of the software (who developed it, what they developed it for) - it may not be possible to meet the kernel coding guidelines - so we don't send those upstream.
Yes - the list on https://wiki.analog.com/linux is a consolidated list:
- ADI devices (there is only one ADI, when a company is acquired, they are integrated - the group inside ADI that writes drivers doesn't care what the part prefix is)
- internal ADI development and upstreamed/mainlined drivers that have been done by our customers / other contributors
It was done this way to try to make it easier for people to find the drivers, rather than rolling through kernel source. The majority of the drivers are upstream (including the ones ADI writes), or are in the process of going upstream, but some drivers - because of their development flow - will never meet upstream kernel coding guidelines.