I’m in California and it was on by default. To comply with California rolls anyone in the US who resides in California can be covered even though it’s not their billing address. So enabling anything like that by default or not prompting to have permission for cookies or selling data is in violation for anyone who does business in California. The gdpr rules also apply to anyone who’s in EU citizen or resident even if they’re outside of the EU so since T-Mobile does business in both they need to comply.
That is a breach of GDPR, default has to be opt out. We don’t need new laws we just need the existing one enforced.
Does GDPR even apply here?
Edit: It’s a US company, operating within the US, with US customers. Why would an EU law apply?
Does T-Mobile operate in Europe?
It’s a European company.
They do but not this T-Mobile. It’s in violation of California’s privacy rules to be opted in by default for something like this.
Maybe it’s different in California then?
I’m in California and it was on by default. To comply with California rolls anyone in the US who resides in California can be covered even though it’s not their billing address. So enabling anything like that by default or not prompting to have permission for cookies or selling data is in violation for anyone who does business in California. The gdpr rules also apply to anyone who’s in EU citizen or resident even if they’re outside of the EU so since T-Mobile does business in both they need to comply.
If I had a dollar for every time GDPR was whipped out incorrectly…