Jump to content
CCleaner Community Forums
Sign in to follow this  
Scarpines

Another one caught out by the CCleaner browser auto opt-in

Recommended Posts

As the title suggests, CCleaner was installed unknowingly and without my consent. Yes you might say that it was shown on the initial install box but mine went straight to install for whatever reason. 

Nonetheless, I'm concerned about the fact that Piriform have the box pre-ticked which is out of kilter with the GDPR since it's a form of marketing. 

I also noticed on sign up of the forum, the option to receive news and updates is pre-ticked which is another no no under the GDPR. 

Please can a moderator or one of the admin provide me with the address for the legal team? If I've not heard anything back by close of tomorrow, I'll assume it's the London registered office address.

Thank you

Share this post


Link to post
Share on other sites
10 hours ago, Scarpines said:

As the title suggests, CCleaner was installed unknowingly and without my consent. Yes you might say that it was shown on the initial install box but mine went straight to install for whatever reason. 

Nonetheless, I'm concerned about the fact that Piriform have the box pre-ticked which is out of kilter with the GDPR since it's a form of marketing. 

I also noticed on sign up of the forum, the option to receive news and updates is pre-ticked which is another no no under the GDPR. 

Please can a moderator or one of the admin provide me with the address for the legal team? If I've not heard anything back by close of tomorrow, I'll assume it's the London registered office address.

Thank you

From your description it sounds like you missed the installation offer screen - which has been there in one form or another since 2010.

Although we do get reports of customers telling us that they did not see an offer screen, this is usually because no offer was made.  Reports of installer errors where no offer appears but an offered installation still occurs are extremely rare - if this happened to you it would be a bug, and your assistance would be appreciated in helping us diagnose what happened to prevent it happening in the future.

Feel free to send a letter to the London office.  Note, however, that with regards to the product installer, GDPR relates to the collection, storage and use of personal information - which does not apply here.

Share this post


Link to post
Share on other sites

Hello Dave

Thanks for the reply, I'm not sure what happened with me missing the initial installation screen but either way, I was not best pleased when I had realised what happened.

On the GDPR point, you're quite right that the GDPR is concerned with the processing of personal data, however, the Privacy and Electronic Communications Regulations covers direct marketing which requires consent for any electronic marketing. Historically, there was no definition of consent in the PECR but instead referred to the ePrivacy Directive which in turn referred to the Data Protection Directive. When the the GDPR came into force, it revoked the Data Protection Directive and confirmed that all references to the Directive were now references to the GDPR. 

Therefore, consent under PECR is now based on the GDPR consent, meaning that it must be given freely and a positive action must be taken thus the automatic opt-in is not compliant. Regardless, the requirement to obtain GDPR consent under PECR was formally introduced in March earlier this year and explicitly states this in Regulation 2.

Finally, the GDPR also confirms that a person suffering damage (inc. non-material damage) where one is required to comply with the GDPR but under some other legislation (in this case PECR), that person is entitled to compensation. 

In my view, by automatically opting in users to install CCleaner Browser without consent at the GDPR standard is unlawful - or at least I'm prepared to test that theory.

Given the fact that you admit no personal data or details are collected, Piriform cannot rely on the soft opt-in either.

I'll be in touch in due course with a letter to your london office and we'll see where it goes.

 

Edited by Scarpines

Share this post


Link to post
Share on other sites
On 05/08/2019 at 09:44, Dave CCleaner said:

From your description it sounds like you missed the installation offer screen - which has been there in one form or another since 2010.

Although we do get reports of customers telling us that they did not see an offer screen, this is usually because no offer was made.  Reports of installer errors where no offer appears but an offered installation still occurs are extremely rare - if this happened to you it would be a bug, and your assistance would be appreciated in helping us diagnose what happened to prevent it happening in the future.

Feel free to send a letter to the London office.  Note, however, that with regards to the product installer, GDPR relates to the collection, storage and use of personal information - which does not apply here.

In the EU that is illegal and you can be fined. EU versions should come with such boxes unticked, otherwise it is a violation of gdpr. 

Share this post


Link to post
Share on other sites
22 hours ago, slickr said:

In the EU that is illegal and you can be fined. EU versions should come with such boxes unticked, otherwise it is a violation of gdpr. 

GDPR relates to the collection, storage and use of personally identifying information. That does not apply to product configuration settings.  You may be thinking of opt-ins to email newsletters and the like.

Share this post


Link to post
Share on other sites

Well, I've sent a letter and after allowing 14 days to reply, I have received no response at all and that is disappointing. 

I'll be spending this week drafting the claim with a view to it being issued by the end of the week. I expect at that point Piriform will have no choice but to engage their lawyers and it will be interesting to see what sort of defence will be given. 

By the way Dave, I don't consider the embedding of a product which is entirely independent of CCleaner to be a product configuration setting if that's what you are suggesting. The only connection is that they are two software products owned by the same company where one is being marketed within another. As I mentioned in an earlier post, consent under PECR for marketing purposes requires GDPR consent so I am of the same view of Slickr that it is a violation of the GDPR/PECR.

 

 

Edited by Scarpines

Share this post


Link to post
Share on other sites
1 hour ago, Scarpines said:

Well, I've sent a letter and after allowing 14 days to reply, I have received no response at all and that is disappointing. 

No letters about GDPR have been received by Piriform in the London office recently.  If you posted something to a different company/country DM me your details and who you addressed it to and I'll see if I can find who might have received it.

Share this post


Link to post
Share on other sites

The letter wasn't addressed to anyone specific but it was sent to your registered office listed on Companies House by recorded delivery and it was signed for on 20 August - I will PM you the tracking number.

Share this post


Link to post
Share on other sites
18 hours ago, Scarpines said:

The letter wasn't addressed to anyone specific but it was sent to your registered office listed on Companies House by recorded delivery and it was signed for on 20 August - I will PM you the tracking number.

Thanks for that.  I will follow it up. 

Note that although this checkbox model for installation offers has been in place for CCleaner since 2010, we did announce back in May this year that it was changing, with testing currently underway, which should remedy such concerns in the future.

Share this post


Link to post
Share on other sites

Thank you Dave - I will allow until Monday next week for you to make any response. 

Whilst I appreciate you may have announced in May this year that changes are going to be made, I don't think that's much of a defence or excuse considering the GDPR has been in place for almost 18 months now (plus the business had ample time in the run up to the GDPR being enacted) so I find it difficult to believe that it takes more than 4 months since your announcement to amend the software code and remove the pre-ticked box. 

Seems to me this is more to do with priorities and the business has decided that this is not up there - of course that's fine but at the same time, the business must also accept the risk that someone may challenge that position which in this case, that person is going to be me.

Share this post


Link to post
Share on other sites

Sorry to have caused any confusion by mentioning the upcoming changes to the installer. All actual GDPR compliance changes were made quite some time ago.  The installer change is being done to remove a long-standing irritation and to provide an improvement to the user experience - and has nothing to do with GDPR (as it does not result in the collection, storage, processing or transfer of personal data)

This discussion has now strayed somewhat off topic and will now be closed.  Readers who would like to find out more about General Data Protection Regulation can find some reading material at https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...