Which is absolutely perfect if you're the one selling these courses! A captive student (that need additional courses at least once a year) generates continuous revenue.

For me as a potential co-worker, this is horrifying. Imagine a carpenter not understanding that screws will create a stronger grip than nails, because nails were all they used in class...

This is the most important problem: TRUST.

Advertising platforms, including Google & Facebook, are not just analysing your behaviour at a site, they're following you around everywhere. To me, this is stalking, and I view it with the same loathing as stalking by perverts (the only difference being the danger to my body). They have NOT earned my trust.

One of the reasons companies (especially in marketing) were scared, is that this "legitimate purpose" does NOT include making a profit. As a company, you need to prove that a) what you're doing is in the interest of the consumer ("better ads" doesn't count), b) that you cannot do this in a less privacy damaging way, and c) that between the privacy invasion and going without your service, the privacy invasion is the lesser evil for almost anyone (i.e. for the consumer it's worth it).

If you cannot do that, you need consent.

And even if you are allowed to process the data for a particular purpose, you still cannot do whatever you want. You cannot use the data for something else (that's a different purpose), you must allow consumers to opt out of automated profiling (yes, even with consent to use the data, consumers can force you to have a human process the data), and of course there's still the need to alter/remove the data afterwards due to the right to be forgotten and the right to correct incorrect data.

Or read it here: https://en.wikipedia.org/wiki/California_Consumer_Privacy_Act

In short: decent privacy protections that force corporations to treat people as people instead of exploiting them as products and to think of the children. Effectively, only publicly available information may be used freely.

Also, Assembly Bill No. 1798.140/(o)(2) of June 28, 2018 states on the matter of publicly available information that:

In other words: just like in the European GDPR, the purpose for which data is collected and maintained matters.

California has done right by this law, even though it contains a lot less protections than the European GDPR (where any collection of data that can identify a person, even the personal opinions in a long enough browsing history, is personal data and therefore private).

I care. Whether I'm picking my nose or not, it's none of your business. It is however, a data point to follow my movements. Basically, a private camera pointing at the street is a violation of basic privacy expectations (i.e. I can be watched when walking down the street, but not recorded without oversight by law enforcement).

If I'm interesting enough to be followed, it should cost significant police time. This way, I'll only be followed if there are serious suspicions I've done something wrong. And because I continuously try to live a live where I won't do anything wrong, any missteps should be minor enough that I'll never be in trouble.

Unless of course you everybody must be absolutely above reproach, and any small or minor misstep should be harshly fined / punished, like it happens to some people (try having a dark skin)... I'm glad I live in a more civilized country.

Obviously: they usually occur in asphalt roads, not in the tiles sidewalks. Material does matter.

Fixed. Sometimes, you have no choice about the matter. Using biometrics as authentication, wrong as it is, is increasingly used and not always avoidable. Even if you don't use it, your biometrics might be leaked and then installed somewhere, and thus usable by an attacker.

Having said that, any system that uses identifiers as authentication mechanism is MUCH less secure than a password protected system: at least with password you can choose a strong password.

Sorry, but that's simply not true: your payment history (assuming an compromised card, as most are) is a history of your personal behavior.

Although each individual data point cannot be used to identify you, the history of them can. There is only one single person in the whole world that would generate this exact series of data points: you. And if you take location into account, that means the length of history needed to uniquely identify you is considerably shorter.

This is why, under the GDPR, browsing history is personally identifying information. Yes, there are shared browsers. But as a very large part of web traffic these days is from mobile phones only ever used by one single person, the existence of shares browsers/devices is no longer relevant.

Yes we do: it's called the Universal Declaration of Human Rights. Specifically article 27, which states that “everyone has the right freely to participate in the cultural life of the community, to enjoy the arts and to share in scientific advancement and its benefits.”

Whether you like it or not, you and everyone else are not allowed to abuse copyrights to deny someone the option to "enjoy the arts and to share in scientific advancement and its benefits". So if you ever publish your copyrighted work, you're not allowed to suddenly deny any or all people access to it.

Now please note that this still doesn't excuse copyright infringement. But it does mean that rights holders, once they publish their work, are required to make it available at a price all members of the community can pay.

I never said anything about consenting to advertising, for the very simple reason that advertisements can be safe for privacy (even if online they hardly ever are). Hence, consent is never required.

But some advertisers DO ask for consent for personalized advertisements (sites like e.g. slashdot are a good example). This is how you can recognize the good ones. Scumbags like Facebook never asks for consent, but collect personal information anyway.

The correct response to Proctor & Gamble is: "we'll do this in every case where it's lawful to do so."

Note that even with an id in a cookie (that persons name in your system), you cannot rule out family members using the same computer, strangers using the same (library) computer, etc.
Anecdotal evidence (I work for a fairly large webshop in the Netherlands) suggests that people who don't consent are about as many as the number of people who use the same computer: a few percent.

In which case you haven't reached the (real) end, and my comment does not yet apply...

Consent is not necessary, if they can use one of the other 5 grounds for keeping the information. Some of them are related to government applying the law, or the public welfare, which obviously don't apply here. Netflix basically has 4 possible grounds:

1. 1. Consent, which allows everything a customer can understand (!), but can also be revoked at any time
2. 2. Legitimate use, where they have to prove the loss of privacy outweighs any possibly benefit to you, and you can object to this
3. 3. Fulfilling a contract, which allows Netflix to store any necessary information for as long as necessary to fulfill their obligations (this is really quite limited)
4. 4. Obeying the law, such as legal warranties, may force them to store certain information (mostly related to who bought what & when). It's unlikely this could ever apply to this case.

Now here we have a good argument. It's really not necessary to store your choices after you've seen Bandersnatch: the next time you view it, you should be able to choose a different outcome. In fact, unless Netflix can prove a followup is already planned, there's really no reason to keep the (non-aggregated, personal) data. And hence it's illegal.

Do they have a choice? Enough people like lower prices so much, that for others it's impossible to choose a delivery guarantee.

Luckily I live in the Netherlands, where the sender is responsible for the shipment until the recipient receives it. And the law specifically states that leaving it on your doorstep does NOT count as "delivered". Sadly this does not solve problems like (falsely) claiming nobody was home, but packages are never left outside for any random passerby to take.