It would be nice if the options weren't like "Enable all cookies" and "navigate 4 menus that try to convince you to enable all cookies."
It would be better if you could set your preference on the browser once and never have to mess with it again unless you want to have exceptions for specific sites
In theory this is done. There is a Do Not Track (DNT) header that is browser defined. Does anyone use it? Do they fuck.
I use it and the browser kindly explained to me that the feature is mostly useless because sites don't give a shit about it.
Sorry, I'll revise to what I intended (since I also use it). "Does anyone pay attention to it? Do they fuck."
Just make it illegal to sell user data to "data partners", and use cross site tracking.
Nobody actually "consents" to this shit. They just don't read.
I really wish we had a simulated world sandbox to try these ideas out in. I suspect this might lead to the end of most free websites.
TV never targeted commercials directly at "Dave Smith, likes fishing and interracial porn, lives in Chesterfield, searched for new cameras recently", but they still operated.
Sure, but also beside the point? I'm talking about the effects of changing an underlying mechanism of a live system, not of comparing two different systems that developed over time.
Here are my guesses: sites that have enough unique visitor count and data to work directly with advertisers may not fall. Small sites that rely on Adsense networks for revenue would no longer have revenue. A small (though non-zero) number of people/groups would continue on and seek alternative funding. Without ad networks, many tech companies fall.
I'm not saying that I'm against any of this, either. In my view, there's a large chance that nothing of real value (to a society) would be lost. Maybe we can bring web rings back.
Ad networks could still work, they just wouldn't have the targeting data to work with or the usage data they can sell as an entirely unrelated business model. They were profitable before the current big data push, there's no reason they couldn't continue to be profitable without that big data again
Do you think our economy has changed since big data targeted advertising? Your example is the same as Blackmists', essentially. We're 30 years down a path and flipping a switch like that would have widespread repercussions. Again, I'm not saying the repercussions shouldn't happen.
Yes it has changed, for the worse
There's no reason they can't just use the page you're on and a very rough "location from IP address" (e.g. just the country, and sometimes not even that), to give the advertisers something to aim at. If you're on a camera website, you'd see camera shops in the UK, etc, rather than a load of weird buttplug shaped things from Temu.
How would the advertisers get location IP if they can't have the data?
Edit: whoops, got trigger happy.
Anyway, I'm totally behind taking back control from advertisers. They have an outsized influence in society. I also think there are unforeseen consequences of your blanket statement suggestion that haven't been considered, hence wishing for a simulation. Again, if advertising is less targeted, cost of customer acquisition goes up and most business models break.
Your browser would technically have to request the advert anyway. So they'd have your IP regardless if they served you an ad. They just wouldn't be allowed to push it and your browser fingerprint to 1000+ "data partners".
A better addition might be to have a dedicated advert tag in HTML, that disables any JS within that block, so the only thing they can do is give you a chunk of HTML/CSS/images with no ability to fingerprint.
Did you entirely miss Nielsen and the data they gave to advertisers?
Could we go back to that? Paying people to install spyware box behind their router?
Free sites already operating out of the goodwill of some random admin and making single-digit ad revenue anyway <-- you are here
Porn aggregators
SEO filler
SEO filler
Wikipedia
End of list
The only ones whose business model would truly be threatened and whose loss would be problematic are newspapers.
OTOH newspapers accidentally cornering themselves in a "freemium" business model has fucked journalism over so bad I'm not sure how it could even be worse.
Free websites like the ones we are on barely exist anymore anyway, because how the fuck do you "compete" in the "free marketplace of search indexing" when some russian troll is burying you to page 5 of google's search results and you can't reach anyone via facebook or twitter without paying thousands?
“Free sites already operating out of the goodwill of some random admin” are where the good shit is.
Craigslist struck the first blow against newspapers by taking away classified ad revenue. The death blow came when Silicon Valley taught people that "information wants to be free," which meant that no one wanted to pay for local news anymore. That led most local newspapers to collapse, while the few that managed to survive --apart from a handful of "legacy" papers-- mostly did so at the cost of turning into click-bait sites or outrage machines.
We have to bring back the idea that people should be happy to pay for local news.
They can just run ads without all the tracking bullshit and data collection like they do on every other medium with free ad supported content like radio and television. Somehow I can watch TV and listen to the radio for free and they manage to stay running without monitoring my every move.
Might be less profitable for them but so be it. Just because tracking helps their business doesn't mean it is justified.
I'm not a fan of the cookie consent popups, but I do appreciate the EU actually trying to do something to protect people's privacy. Seemingly the only major entity to do so right now.
That was my first thought as an American. It's refreshing to see that 1. They attempted something meaningful in the first place 2. They recognize it isn't perfect/not having the intended effect and are making adjustments.
This seems like a functioning government.
A better solution would be to force sites to care about the Do Not Track browser setting that currently does nothing as told by the browsers themselves.
Exactly this. The goal of requiring explicit cookie consent/refusal is admirable, but the implementation of cookie banners is both useless and terrible. We already have a way to communicate to websites whether we're alright with cookies or not, they're called HTTP headers.
The irony of DNT becoming another data point to fingerprint you with sucks.
Just add 2 things:
Cookie settings are possible to set in the browser for all pages.
There's a reject all button on every cookie banner.
There’s a reject all button on every cookie banner.
Most importantly, those banners should be streamiled to look the same at the very least. No highlighing "ACCEPT ALL" while graying out "reject all" nonsense. No swapping the buttons left and right, top to bottom trickery. I'd prefer if the browser takes care of it all, though. I'm already using a plugin for that, though it comes with draw backs.
Which plugin do you use?
I am using „I still don‘t care about cookies“ for Firefox. It basically auto-selects the least required cookies possible. Though some sites don‘t offer opt-out so it will automatically accept those cookies. Not perfect, but I really can‘t be bothered to do a cookie captcha every time I open a private tab for example.
Right, this!
Tired of all the dark patterns.
No, just ban the collection of user data and selling to 3rd parties. Enormous fines for anyone still doing it. Destroy this entire industry please.
The EU is primarily pro-business, but that also means being against anti-competitive and underhanded business practices
The browser thing sounds like a good solution (although there must be a reason why DNT headers weren't made legally binding, potentially as they wanted to allow people to pick and choose what cookies they allow based on what they thought was "too far" or something but that's conjecture), however disallowing all user data will likely lead to companies not being able to advertise to people who are interested in their products, something which the EU will see as a negative and would also cause an uptick in scams and misinformation as you see in low quality advertising space at the moment
This comment got to me really late, probably to Lemmy's distributed nature.
But I still want to add: of course business will make more money if you allow more practices, but selling personal data just has too many negative consequences.
Also low quality advertising? You mean like billboards and in the newspaper? You mean regular advertising?
I mean "[local town] grandma discovers 10 foods you never knew you should avoid" or even downright scams when I say low quality advertising
Also "negative consequences" is a bit overdramatic and I'd love you to elaborate... Really it's down to the person's own opinion, eg you don't like it so you'll reject that sort of thing, meanwhile I don't mind it especially as a way of paying for decent quality media so I'll allow it on some sites but not others
No there most definitely is not. Most banners have a big yes button, and you need to scroll to a settings button and then do five more things to not get cookies.
He said that should be added
So true. And then you have Schibsted, Norways biggest media conglomerate; the only way to reject cookies is that you have to log in in order to reject it! According to the cookie law (no idea what it's called), it's illegal. It's been reported to the EU and Norwegian government numerous times, but nothing happens. Fuck Schibsted!!
In my experience a lot of italian (particularly "news") websites basically say "accept cookies or sign up for our paid subscription"
Incognito and accept all
I meant it should be added as a default thing you have in every one of those things.
But even if you reject all, you still allow them to track you through the legitimate interest cookies
That doesn't sound like a legitimate interest and should be fined or something.
well, not on every cookie banner
The reject all is already a thing. (Well is not all all, but reject all except necessary but those doesn't matter much, they are not tracking).
That said usually is not called this way as obvious, sometimes is just "reject" without the all, "accept only necessary", "decline", etc or you have to close the banner etc or they use some other confusing pattern.
What's annoying is the "Reject" button hidden on another page. That should be illegal.
And it actually is... Quote from the GDPR:
It shall be as easy to withdraw as to give consent.
The problem isn't the law. It's that it isn't enforced.
It is enforced, but there are so many websites with so little time.
So it takes a while. It used to be WAY worse.
Plus the 'legitimate interests' of 3rd parties
Yeah, definition of "legitimate interest" is definitely being stretched well beyond it's breaking point.
Pretty sure it is
It should be just a browser option.
You set cookies on or off, ans the browser sends the option in the headers. Websites just need to take the option from the header instead of a banner.
It already exists and is called "do not track".
Unfortunately by sending DNT you are merely suggesting to the server that you wish to not be tracked. There's no requirement for the server to actually care about you at all.
Now, if DNT were actually legally binding though - that would indeed be very cool.
Yes and this is what they should have legislated. I don't know if lobbyists or stupidity got in the way, or both. But the fact that this news comes now so close to Google Chrome abolishing cookies for its new "privacy" feature is suspicious timing.
That has been tried with the DoNotTrack header. Turned out servers didn't oblige by it.
That's because it was entirely voluntary. It should be integrated in the browser by law, and the choice should be binding
Yeah, but if the EU required sites to pay attention to them...
There are addons (for firefox at least) where the cookie banner will come up but your browser auotmatically refuses all cookies.
Yes, but it often doesn't work and even when it does the site is unusable while it works, which for some particularly awful banners is several minutes. The situation is worse on mobile where most people have a browser that you can't install add-ons to (and I'm not sure if that one works in firefox mobile anyway)
This is the one I use. It's FOSS and developed at a university.
Am I mistaken in believing it is an already a browser option?
Off the top of my head Qutebrowser and Falkon both support not-saving 3rd party cookies.
Your browser can not save third party cookies, but it might break some sites. Some advertising situations allow the use of first-party cookies, and blocking first-party cookies will break most sites.
In either case you will still have to fill out the consent form, and if the consent is stored in the kind of storage you block, then you will have to fill it out every single time you visit.
The DuckDuckGo browser has this baked in as 'Cookie Pop-up Protection'. It doesn't quite get rid of them all, and doesn't let you set a default for what you want (it'll basically pick the most privacy-forward option) but I've found it works pretty well.
if website has a choice, then they will often choose an option that benefits them the most.
They should do something about "consent platforms" using various DNS tricks and thousands of domain names to bypass/evade user blocks.
I wasn't so bothered about some non-invasive ads a few years ago, but I absolutely despise any kind of ad now TBH, and it's mainly down to how persistent some of these platforms are with their evasion tactics
Also pretty ironic for their popups to talk about "respecting" my privacy when these platforms literally do the opposite of that to show their popup in the first place. I will not support any of them, in any way, on my network.
As soon as I see a new one appear when browsing, I chuck it into dnsdumpster so it can get recorded with the rest of them, and then block the new list from dnsdumpster (grid icon) on my network.
The EU law explicitly says no consent by default and users have to opt in. All of these cookie banners are breaking the law, the law doesn't need to change it just needs enforcing and these banners will disappear. We already have a do not track header and that could be complied with but it's enforcement that is the problem.
How do they break the law? The opt-in forces them to ask you first and that's what the annoying banners do. Sites that don't care about tracking also don't show these pop-ups.
The default should always be “no”. The user has to opt in.
The law specifically says not to do the super complex dark pattern deny every 3rd part cookie manually by hand - crap.
The problem is that it’s not enforced
The user often needs to click through several steps to say no
And that’s exactly against both the spirit and the letter of the law. They need to enforce it.
Now don't make it worse!
Narrator: They made it worse
'they always can, they always will'
I'd be happy to keep the ones that say:
"we notice you are in europe and we can't use our cookies to track you so you can't come to our website"
It's good to know sites with policies like that to ensure I never visit them.
"It is literally impossible for us not to spy on you or sell your data. Sorry not sorry bye."
Typically, those already have geo filters because they can't be bothered to implement EU requirements.
Unless you're outside of the EU, of course, in which case you'll probably be tracked no matter what.
One example I know if is my hometown newspaper, dentonrc.com; I have a friend who moved to Europe and was annoyed that they geo-blocked him, but I can't really blame them. How many people are really gonna visit the site for a small American newspaper from the EU? From a business perspective it makes no sense for them to pay a developer to do more than the bare minimum.
I know, I certainly don't blame the little sites.
Geoblocking in such cases would not be sufficient. For one thing your geo-IP database will never be perfectly accurate, even without considering that "data subjects who are in the Union" can connect to your site via proxies or VPNs with non-EU IP addresses. For another you still need to respond to GDPR requests e.g. to remove data collected on a data subject currently residing in the EU, even if the data was collected while they were outside the EU, and you can't do that if you're blocking their access to the site. For a newspaper in particular the same would apply to any EU data subject they happened to report on, whether they had previously visited the site or not.
What exactly is the EU gonna do about a foreign site that does no business in the EU? They don't rule the world.
Sure, they don't rule the world. They only have the power to ban you (either the company per se or its individual owners, officers, and/or employees) from ever again doing any business in the EU. Which naturally includes business with any individuals or companies either based in the EU (as a seller or a buyer) or wanting to do business in the EU. Or from traveling to the EU, whether for business or personal reasons. Little things like that. Nothing too inconvenient. (/s)
They haven't taken things quite that far—yet. But they could. It's dangerous to assume that you can ignore them without consequences just because your company doesn't currently depend on revenue from EU customers. The world is more interconnected than that, and the consequences may not be limited to your company.
So is a local newspaper supposed to be afraid of not complying aggressively enough with foreign laws from the whole world, or just the EU? The way I see it they're already doing more than is reasonably required by making a good faith effort to prevent people in the EU from accessing their site. Holding them responsible for people who deliberately bypass the blocking seems downright imperialist to me.
What if this wasn't a website issue but a browser one. Browsers invented cookies so browsers should be the ones to implement the banner feature. All Developers would then be forced to implement fallbacks to their cookies since the user could turn cookies off. If it was browser based fix then it would be a consistent UI and developers wouldn't be able to do shady shit(at least with cookie consent is concerned)
Damn, this is a really great solution. Then I could decide once if I wanted the cookies and the browser would decline/accept(lol) all from that point.
Not only are they annoying, they go half way to legitimising the theft of user data.
Exactly. Identify what uses are legitimate and what uses aren't, and legislate directly. None of this consumer consent crap because it's meaningless to consumers. No consumer benefits from their browsing habits being under surveillance.
Was done before too, but now the websites simply need a banner for using categories of cookies which require it (tracking, marketing, ..)
And we already have GDPR at least limiting activities in a broad sense. (of course lots of leeway, but still much better than before)
You cannot do more with a cookie banner you couldnt already do before.
What do you mean? GDPR allowed for the "unless the visitor agrees" stuff so that's why we see cookie banners everywhere.
I would say it should either be allowed or not, depending on the use case. A navigation app should be able to track your location for the service they provide but not for ads or selling to other companies. Your calculator app has no business even asking. Profile based advertising (rather than content based) should be banned wholesale. That sort of stuff
You do realize you only see the cookie banners because the companies are now forced to show you one? It's not like they started collecting shit only after the GDPR nor is it entirely illegal and unethical to sell user data. The point of the GDPR was to make users aware of which websites are selling which data and give them an avenue (be that declining cookies or leaving the site) to prevent that. Corporations then designed their way around the wording of the GDPR to make declining cookies as difficult as possible which is why we're seeing this push for a revision now. The goal still isn't to make user data based financing impossible, it still is to prevent users from being pushed or bullied into selling their user data against their will.
That should be the goal. This cannot be left to individual consumer choice, is what I'm saying. The annoying cookie banners should be a wake-up call for regulators that the "let the consumers decide" experiment has failed.
The cookie banner is only required to store data on the users device. the tracking without is still possible and potentially allowed via legitimate interest.
If they want more they already ask for more outside the cookie banners when they require or want to have your consent (e.g. consent to load content from sources which will transfer your data outside their control e.g. youtube-embedings)
The limitations of whats allowed is already established in the GDPR, so anything you cannot find legitimate reasons for is already not allowed e.g. simply selling your data to other companies (as long as they include PII)
And as coupling is not allowed either its not allowed to couple consent with a cookie banner (which should only be used to ask for permission to store data for purposes which arent required for the usage).
What we do need is to have a technical implementation of the browser to tell the website via standardized methods what is allowed or not.
Eh, I think cookies should just be opt-in unless they're absolutely necessary for the site to function.
Then all cookies will be considered necessary. It's very hard to legislate the edge case.
It's already the case that necessary cookies don't need permission, but websites do not abuse this to not show the prompt. This is because the legislation has teeth.
This is exactly the spirit of the cookie law
Companies already bundle their invasive data collection with necessary features so if you block it than the website just won't work, this would incentivise that behavior if necessary cookies are automatically approved.
Ah yes, the good ol Internet Exploder Explorer tactic
At least the regulation show us how shady internet is. That banner only shows up if the website is going to use cookies to use your data as a way to make profit. The fact that every website is doing that was eye opening for a lot of people.
Lol I'm a web developer who has put hundreds of those banners on clients' sites. Not as part of some nefarious data-selling scheme, but rather as a shallow tickbox exercise in order to comply with laws about technology they don't understand.
In this case, assuming ignorance over malice is the way to go.
In this case i assume you're an ingnorant developer who didn't thought of better options to comply with the law
In any case you are welcome to make incorrect assumptions, especially if my statement hurt your feelings.
I bet they will keep adding loopholes to keep websites bullying their visitors.
why bother making legal frameworks when you can't enforce them, there are hundreds of thousands of website including very prominent ones that hide the "reject all cookies" button after a second screen prompt. or flat out force you to opt-out of every second cookie category , just so you give up. they haven't been fined. and they know EU authorities aren't bothered either, so they keep infringing on the GDPR.
Lawmaking is a slow and tedious process full of compromises, and the EU is apparently the only governmental body that cares enough to actually do something against the wild west of digital tracking. I for one am happy about that, and contrary to public opinion the GDPR is actually being enforced (albeit not strictly enough).
I saw one that required you to decline every single company that was purchasing marketing data from the site. It was like 300 companies long where you had to click the slider to turn them each off individually.
Sometimes, it’s difficult to discern which setting of the slider is on or off. They use nonstandard colors or don’t explain in text which setting signifies each option.
My biggest qualm is that usually these sites won't save it when you only allow necessary cookies. So they will ask you for every single session until you give in.
There are sites that respect the "do not track" setting of the browser and just display a small timed info on your first visit that cookies have been rejected. Example: geizhals.eugeizhals.de
A start would be to require sites to remember non-consents for at least as long as they remember consents. Why do I have to be asked about cookies by every site every month?
That sort of thing is stored in a cookie.
You don't need permission for that particular one, though, it's site functionality and the user can reasonably expect that that kind of thing gets remembered.
Lots of stuff doesn't need permission, when you're seeing a banner either you're dealing with someone clueless, or they want to track you. Or both, of course.
Web developer here. A “cookie” is just a piece of information stored on your machine. A cookie can be a setting, saved app data, or a tracking id.
The reason you keep seeing the banner is because by saying “no” to cookies, you’re telling them they don’t have permission to store ANYTHING on your computer. Which is fine. Your computer your call.
But if they can’t store anything on your computer, there’s no way to remember that setting next time you come to the website. No local setting storage means they don’t have the stored “no cookies” setting to load. Likewise there’s no tracking id they could potentially look your setting up in their own database by.
Web site requests are “stateless”. That means that, to a web server, each and every single request to a server is its own brand new, separate connection with no link to any other connection. The only way to share data between individual requests is via some kind of stored “state”. That state can come from your computer in the form of cookies, or from the server in the form of sessions. But linking a connection to a session requires your computer providing a session id; and guess how your computer has to store a session id? If you guessed “in a cookie” you win.
Are cookie popups annoying? Oh holy Christ yes, both from a web user standpoint and from the stand point of having to implement them as a developer. But by outright rejecting cookies (and/or auto-wiping your cache/cookies when you close the browser), you’re telling the website it’s not allowed to store your preferences for not having cookies and eliminating the websites ability to recall that preference at all.
The reason you keep seeing the banner is because by saying “no” to cookies, you’re telling them they don’t have permission to store ANYTHING on your computer.
That's not how the regulation works. You don't need to ask for permission to remember settings the user actually set themselves. Those companies don't want to remember.
Another web developer here, that is how the California and European rules are interpreted. If we're acting in good faith we do not store anything.
Maybe you can find a way to argue user settings and session cookies don't require consent, but I am not a lawyer and I err on the side that doesn't put me out of business.
It's not about "finding a way to argue", but "follow the law". Which means "analyse every data point and categorise it". When you do that for remembering cookie settings, going down the three-part test, 1) The purpose of not annoying users is legitimate, 2) It is necessary to store a single boolean for that, 3) Balancing: As our previous analysis left us with a single boolean we simply note that that's not personal data.
This kind of stuff shouldn't be done by lawyers but your data protection officer. Random lawyers will have all kinds of crazy opinions about the regulations because they don't understand that area of law enough to interpret it. Heck your run off the mill US lawyers won't even understand European legal theory enough to understand it. Data protection officers, however, are trained and certified to do exactly those calls.
I don't know about education in the US but back in the early 00s, when I was still polishing lecture hall chairs with my butt, data protection was part of the mandatory curriculum. Not an official certification, but like 80% of what you needed to know to pass a certification test, and about 500% of what you need as a developer, which is spotting when something should get looked at.
As to putting you out of business: Even if my analysis was wrong (it isn't), this isn't "fine into bankruptcy" but "polite letter" territory. All those companies using dark patterns in cookie banners, OTOH, are risking serious action. It could even be argued that not remembering accept/reject settings is in itself a dark pattern, but again that would be "polite letter" territory.
I know how HTTP works. These banners are supposed to (and are legally allowed to) store a cookie saying you have refused. Websites are allowed to store session cookies with displaying a banner at all.
No cookies storing your answer
No, they set a cookie to store it, but with a low retention period, so you get bugged again.
Because you are cleaning your cache/cookies and wiping out the record of your selection, or outright rejecting them so they are never saved to begin with.
A serious law would be like (but in legalese):
By default you CANNOT use tracking cookies
If you want to use them you should have a Table that classify them based on how much fingerprint do they take
Then you have to explicitly ask the user in the most clear and unintrusive way possible if you can track them
And the consent should last 30 days max
That is actually really close to what is present now. The EU never said "use cookie banners" but rather "if you really want to track people, they have to say yes". And most commercial websites decided to make it hard to say no, now everyone blames the EU for doing so.
Your second point is not yet implemented, this would be really good for consumers.
They never should have made opt-in an option in the first place. All the legitimate reasons to store data are already permitted without asking permission (required for the site to function, or storing data the user specifically asked the site to store such as settings). All that's left is things no one would reasonably choose to consent to if they fully understood the question, so they should have just legislated that the answer is always "no". That plus a bit more skepticism about what sites really "need" to perform their function properly. (As that function is understood by the user—advertising is not a primary function of most sites, or desired by their users, so "needed for advertising to work" does not make a cookie "functional" in nature. Likewise for "we need this ad revenue to offer the site for free"; you could use that line to justify any kind of monetization of private user data.)
There is a fine and impossible to hit line that businesses have their own interest of surviving and should be able to use data. Like making better suggestions or tracking whether certain changes in their homepage work. This is not required for functioning but vital to companies for succeeding and giving you a better product. However, this should only be done on one site at a time, cross-site tracking oe fingerprinting is what sucks and allows data brokers to exist in the first place.
No lawyer can hammer into law, what a site needs to function, as it differs by site and is flexible in what people think is necessary. But your examples are good in that they show how sites go way too far to justify their over-the-top tracking. Maybe there really is an easy way to write it in "legalese", but I don't see it yet. But I am fully on your site, the current behaviour and practices are bad and unclear for customers.
Seriously I hate how disabling cookies is a hassle that you have to do on a seperate settings site... Where you get another cookie banner obstructing half of the settings
Sounds like the current law, except for the last point. The problem is with enforcing compliance.
And you know what? That’s cool. They’re not doubling down, they’re not staying the course. I’ve spent a lot of time in the EU and yeah, those cookie pop ups absolutely are annoying, but as a US citizen it’s a reminder of how the EU is trying to protect its citizens, FBFW, how the US is still bending to corporatocracy, and I am simultaneously envious and annoyed as I click “Alle Ablehnen”.
Just don't remove it entirely, currently companies will at least pretend to comply.
bEFORE yOU cONTINUE tO gOOGLE sure is annoying though.
I manufacture data about myself. Businesses want to collect this data for their commercial benefit and profit, without paying me. Cookie splash screens almost provide a method for this to happen legitimately, while still not providing me fair consideration.
Businesses should be prohibited from collecting user data, from taking value, without paying for it.
How could you enforce a ban on any kind of user data and how could such a compensation system even work?
A ban wouldn't work, because data collection is endemic. The cat is out of the bag.
Compensation could work through legislation and a commercial structure that dictates how things should be bought and sold. In Germany, rent is decided by the local town hall (Rathaus) on a per square metre basis. Such a system is not without flaws, but it's better than unfettered abuse by those who have against those who have not.
I don't know where you have your ideas about Getman rent from but I assure you that, barring some rent-control, the German rental market is free.
All of these comments that say different things, but all sound like "just do X, I'm an expert in EU laws and their theoretical consequences". It's as simple as that, is it? Wonder why nobody thought of that before.
Admittedly, but I for one can say with justified self-reliance that I expected this outcome even before the directive was in force.
Nice
Oh. Someone at the EU Commission started to use websites? 🤔
OH THANK f'ING GOD
I actually just landed in the EU for the first time since 2014, and i'm honestly quite pleased with the notifications i'm getting (albeit not the ones discussed here). The first time I opened AirBnB since landing, it asked me permission for all the data it wanted to collect for targeted advertizing, and I was actually able to turn off most of it. I wish the US had the same.
The website popups are quite annoying, but those are easier to control anyway by picking better browsers and extensions.
Ban adtech
Adtech is in another US
Common European Union W
Ah. I wasn't aware of that. Thanks!
Because asking nicely and hoping always worked that well...
About time. Last time I pointed out the uselessness of cookie banners, the reddit hivemind downvoted me to heck.
This is the worst output of EU regulation ever. How has it taken them so long to realise it's annoying?! Don't they use the internet in Brussels?
You dont need a cookie banner if you dont want to invasively track the users.
So its really the fault of the websites for wanting to use categories of cookies which do require a banner (ad and tracking).
Indeed
Plenty of websites that don't have a cookie banner like Wikipedia and Lemmy. And both of them are completely legal.
It is only after the cookie banner that we now know how many websites are actually selling our data, turns out it is the grand majority of them.
No, selling would also not be allowed via a cookie banner as the cookie banner doesnt address that.
GDPR already doesnt allow usage of PII which you cannot find legitimate reasons for. Just selling PII is never allowed as you will not find a legitimate reason for doing so.
But the cookie banner can allow more invasive tracking via setting tracking cookies which can be covered under legitimate interest for the operator of the website themselves.
It would be nice if the options weren't like "Enable all cookies" and "navigate 4 menus that try to convince you to enable all cookies."
It would be better if you could set your preference on the browser once and never have to mess with it again unless you want to have exceptions for specific sites
In theory this is done. There is a Do Not Track (DNT) header that is browser defined. Does anyone use it? Do they fuck.
I use it and the browser kindly explained to me that the feature is mostly useless because sites don't give a shit about it.
Sorry, I'll revise to what I intended (since I also use it). "Does anyone pay attention to it? Do they fuck."
Just make it illegal to sell user data to "data partners", and use cross site tracking.
Nobody actually "consents" to this shit. They just don't read.
I really wish we had a simulated world sandbox to try these ideas out in. I suspect this might lead to the end of most free websites.
TV never targeted commercials directly at "Dave Smith, likes fishing and interracial porn, lives in Chesterfield, searched for new cameras recently", but they still operated.
Sure, but also beside the point? I'm talking about the effects of changing an underlying mechanism of a live system, not of comparing two different systems that developed over time.
Here are my guesses: sites that have enough unique visitor count and data to work directly with advertisers may not fall. Small sites that rely on Adsense networks for revenue would no longer have revenue. A small (though non-zero) number of people/groups would continue on and seek alternative funding. Without ad networks, many tech companies fall.
I'm not saying that I'm against any of this, either. In my view, there's a large chance that nothing of real value (to a society) would be lost. Maybe we can bring web rings back.
Ad networks could still work, they just wouldn't have the targeting data to work with or the usage data they can sell as an entirely unrelated business model. They were profitable before the current big data push, there's no reason they couldn't continue to be profitable without that big data again
Do you think our economy has changed since big data targeted advertising? Your example is the same as Blackmists', essentially. We're 30 years down a path and flipping a switch like that would have widespread repercussions. Again, I'm not saying the repercussions shouldn't happen.
Yes it has changed, for the worse
There's no reason they can't just use the page you're on and a very rough "location from IP address" (e.g. just the country, and sometimes not even that), to give the advertisers something to aim at. If you're on a camera website, you'd see camera shops in the UK, etc, rather than a load of weird buttplug shaped things from Temu.
How would the advertisers get location IP if they can't have the data?
Edit: whoops, got trigger happy. Anyway, I'm totally behind taking back control from advertisers. They have an outsized influence in society. I also think there are unforeseen consequences of your blanket statement suggestion that haven't been considered, hence wishing for a simulation. Again, if advertising is less targeted, cost of customer acquisition goes up and most business models break.
Your browser would technically have to request the advert anyway. So they'd have your IP regardless if they served you an ad. They just wouldn't be allowed to push it and your browser fingerprint to 1000+ "data partners".
A better addition might be to have a dedicated advert tag in HTML, that disables any JS within that block, so the only thing they can do is give you a chunk of HTML/CSS/images with no ability to fingerprint.
Did you entirely miss Nielsen and the data they gave to advertisers?
Could we go back to that? Paying people to install spyware box behind their router?
Which free websites? The modern web is just:
The only ones whose business model would truly be threatened and whose loss would be problematic are newspapers.
OTOH newspapers accidentally cornering themselves in a "freemium" business model has fucked journalism over so bad I'm not sure how it could even be worse.
Free websites like the ones we are on barely exist anymore anyway, because how the fuck do you "compete" in the "free marketplace of search indexing" when some russian troll is burying you to page 5 of google's search results and you can't reach anyone via facebook or twitter without paying thousands?
“Free sites already operating out of the goodwill of some random admin” are where the good shit is.
Craigslist struck the first blow against newspapers by taking away classified ad revenue. The death blow came when Silicon Valley taught people that "information wants to be free," which meant that no one wanted to pay for local news anymore. That led most local newspapers to collapse, while the few that managed to survive --apart from a handful of "legacy" papers-- mostly did so at the cost of turning into click-bait sites or outrage machines.
We have to bring back the idea that people should be happy to pay for local news.
They can just run ads without all the tracking bullshit and data collection like they do on every other medium with free ad supported content like radio and television. Somehow I can watch TV and listen to the radio for free and they manage to stay running without monitoring my every move.
Might be less profitable for them but so be it. Just because tracking helps their business doesn't mean it is justified.
I'm not a fan of the cookie consent popups, but I do appreciate the EU actually trying to do something to protect people's privacy. Seemingly the only major entity to do so right now.
That was my first thought as an American. It's refreshing to see that 1. They attempted something meaningful in the first place 2. They recognize it isn't perfect/not having the intended effect and are making adjustments.
This seems like a functioning government.
A better solution would be to force sites to care about the Do Not Track browser setting that currently does nothing as told by the browsers themselves.
Exactly this. The goal of requiring explicit cookie consent/refusal is admirable, but the implementation of cookie banners is both useless and terrible. We already have a way to communicate to websites whether we're alright with cookies or not, they're called HTTP headers.
The irony of DNT becoming another data point to fingerprint you with sucks.
Just add 2 things:
Most importantly, those banners should be streamiled to look the same at the very least. No highlighing "ACCEPT ALL" while graying out "reject all" nonsense. No swapping the buttons left and right, top to bottom trickery. I'd prefer if the browser takes care of it all, though. I'm already using a plugin for that, though it comes with draw backs.
Which plugin do you use?
I am using „I still don‘t care about cookies“ for Firefox. It basically auto-selects the least required cookies possible. Though some sites don‘t offer opt-out so it will automatically accept those cookies. Not perfect, but I really can‘t be bothered to do a cookie captcha every time I open a private tab for example.
Right, this!
Tired of all the dark patterns.
No, just ban the collection of user data and selling to 3rd parties. Enormous fines for anyone still doing it. Destroy this entire industry please.
The EU is primarily pro-business, but that also means being against anti-competitive and underhanded business practices
The browser thing sounds like a good solution (although there must be a reason why DNT headers weren't made legally binding, potentially as they wanted to allow people to pick and choose what cookies they allow based on what they thought was "too far" or something but that's conjecture), however disallowing all user data will likely lead to companies not being able to advertise to people who are interested in their products, something which the EU will see as a negative and would also cause an uptick in scams and misinformation as you see in low quality advertising space at the moment
This comment got to me really late, probably to Lemmy's distributed nature.
But I still want to add: of course business will make more money if you allow more practices, but selling personal data just has too many negative consequences.
Also low quality advertising? You mean like billboards and in the newspaper? You mean regular advertising?
I mean "[local town] grandma discovers 10 foods you never knew you should avoid" or even downright scams when I say low quality advertising
Also "negative consequences" is a bit overdramatic and I'd love you to elaborate... Really it's down to the person's own opinion, eg you don't like it so you'll reject that sort of thing, meanwhile I don't mind it especially as a way of paying for decent quality media so I'll allow it on some sites but not others
He said that should be added
So true. And then you have Schibsted, Norways biggest media conglomerate; the only way to reject cookies is that you have to log in in order to reject it! According to the cookie law (no idea what it's called), it's illegal. It's been reported to the EU and Norwegian government numerous times, but nothing happens. Fuck Schibsted!!
In my experience a lot of italian (particularly "news") websites basically say "accept cookies or sign up for our paid subscription"
Incognito and accept all
I meant it should be added as a default thing you have in every one of those things.
But even if you reject all, you still allow them to track you through the legitimate interest cookies
That doesn't sound like a legitimate interest and should be fined or something.
well, not on every cookie banner
The reject all is already a thing. (Well is not all all, but reject all except necessary but those doesn't matter much, they are not tracking).
That said usually is not called this way as obvious, sometimes is just "reject" without the all, "accept only necessary", "decline", etc or you have to close the banner etc or they use some other confusing pattern.
What's annoying is the "Reject" button hidden on another page. That should be illegal.
And it actually is... Quote from the GDPR:
The problem isn't the law. It's that it isn't enforced.
It is enforced, but there are so many websites with so little time.
So it takes a while. It used to be WAY worse.
Plus the 'legitimate interests' of 3rd parties
Yeah, definition of "legitimate interest" is definitely being stretched well beyond it's breaking point.
Pretty sure it is
It should be just a browser option.
You set cookies on or off, ans the browser sends the option in the headers. Websites just need to take the option from the header instead of a banner.
It already exists and is called "do not track".
Unfortunately by sending DNT you are merely suggesting to the server that you wish to not be tracked. There's no requirement for the server to actually care about you at all.
Now, if DNT were actually legally binding though - that would indeed be very cool.
Yes and this is what they should have legislated. I don't know if lobbyists or stupidity got in the way, or both. But the fact that this news comes now so close to Google Chrome abolishing cookies for its new "privacy" feature is suspicious timing.
That has been tried with the DoNotTrack header. Turned out servers didn't oblige by it.
That's because it was entirely voluntary. It should be integrated in the browser by law, and the choice should be binding
Yeah, but if the EU required sites to pay attention to them...
There are addons (for firefox at least) where the cookie banner will come up but your browser auotmatically refuses all cookies.
Yes, but it often doesn't work and even when it does the site is unusable while it works, which for some particularly awful banners is several minutes. The situation is worse on mobile where most people have a browser that you can't install add-ons to (and I'm not sure if that one works in firefox mobile anyway)
https://consentomatic.au.dk/
This is the one I use. It's FOSS and developed at a university.
Am I mistaken in believing it is an already a browser option?
Off the top of my head Qutebrowser and Falkon both support not-saving 3rd party cookies.
Your browser can not save third party cookies, but it might break some sites. Some advertising situations allow the use of first-party cookies, and blocking first-party cookies will break most sites.
In either case you will still have to fill out the consent form, and if the consent is stored in the kind of storage you block, then you will have to fill it out every single time you visit.
The DuckDuckGo browser has this baked in as 'Cookie Pop-up Protection'. It doesn't quite get rid of them all, and doesn't let you set a default for what you want (it'll basically pick the most privacy-forward option) but I've found it works pretty well.
if website has a choice, then they will often choose an option that benefits them the most.
Good news is third party is being phased out now https://developer.mozilla.org/en-US/blog/goodbye-third-party-cookies/
They should do something about "consent platforms" using various DNS tricks and thousands of domain names to bypass/evade user blocks.
I wasn't so bothered about some non-invasive ads a few years ago, but I absolutely despise any kind of ad now TBH, and it's mainly down to how persistent some of these platforms are with their evasion tactics
Also pretty ironic for their popups to talk about "respecting" my privacy when these platforms literally do the opposite of that to show their popup in the first place. I will not support any of them, in any way, on my network.
As soon as I see a new one appear when browsing, I chuck it into dnsdumpster so it can get recorded with the rest of them, and then block the new list from dnsdumpster (grid icon) on my network.
The EU law explicitly says no consent by default and users have to opt in. All of these cookie banners are breaking the law, the law doesn't need to change it just needs enforcing and these banners will disappear. We already have a do not track header and that could be complied with but it's enforcement that is the problem.
How do they break the law? The opt-in forces them to ask you first and that's what the annoying banners do. Sites that don't care about tracking also don't show these pop-ups.
The default should always be “no”. The user has to opt in.
The law specifically says not to do the super complex dark pattern deny every 3rd part cookie manually by hand - crap.
The problem is that it’s not enforced
The user often needs to click through several steps to say no
And that’s exactly against both the spirit and the letter of the law. They need to enforce it.
Now don't make it worse!
Narrator: They made it worse
'they always can, they always will'
I'd be happy to keep the ones that say:
"we notice you are in europe and we can't use our cookies to track you so you can't come to our website"
It's good to know sites with policies like that to ensure I never visit them.
"It is literally impossible for us not to spy on you or sell your data. Sorry not sorry bye."
Typically, those already have geo filters because they can't be bothered to implement EU requirements.
Unless you're outside of the EU, of course, in which case you'll probably be tracked no matter what.
One example I know if is my hometown newspaper, dentonrc.com; I have a friend who moved to Europe and was annoyed that they geo-blocked him, but I can't really blame them. How many people are really gonna visit the site for a small American newspaper from the EU? From a business perspective it makes no sense for them to pay a developer to do more than the bare minimum.
I know, I certainly don't blame the little sites.
Geoblocking in such cases would not be sufficient. For one thing your geo-IP database will never be perfectly accurate, even without considering that "data subjects who are in the Union" can connect to your site via proxies or VPNs with non-EU IP addresses. For another you still need to respond to GDPR requests e.g. to remove data collected on a data subject currently residing in the EU, even if the data was collected while they were outside the EU, and you can't do that if you're blocking their access to the site. For a newspaper in particular the same would apply to any EU data subject they happened to report on, whether they had previously visited the site or not.
What exactly is the EU gonna do about a foreign site that does no business in the EU? They don't rule the world.
Sure, they don't rule the world. They only have the power to ban you (either the company per se or its individual owners, officers, and/or employees) from ever again doing any business in the EU. Which naturally includes business with any individuals or companies either based in the EU (as a seller or a buyer) or wanting to do business in the EU. Or from traveling to the EU, whether for business or personal reasons. Little things like that. Nothing too inconvenient. (/s)
They haven't taken things quite that far—yet. But they could. It's dangerous to assume that you can ignore them without consequences just because your company doesn't currently depend on revenue from EU customers. The world is more interconnected than that, and the consequences may not be limited to your company.
So is a local newspaper supposed to be afraid of not complying aggressively enough with foreign laws from the whole world, or just the EU? The way I see it they're already doing more than is reasonably required by making a good faith effort to prevent people in the EU from accessing their site. Holding them responsible for people who deliberately bypass the blocking seems downright imperialist to me.
What if this wasn't a website issue but a browser one. Browsers invented cookies so browsers should be the ones to implement the banner feature. All Developers would then be forced to implement fallbacks to their cookies since the user could turn cookies off. If it was browser based fix then it would be a consistent UI and developers wouldn't be able to do shady shit(at least with cookie consent is concerned)
Damn, this is a really great solution. Then I could decide once if I wanted the cookies and the browser would decline/accept(lol) all from that point.
Technically you can do this already with some firefox settings, or with extensions. Set your preference and forget.
Not only are they annoying, they go half way to legitimising the theft of user data.
Exactly. Identify what uses are legitimate and what uses aren't, and legislate directly. None of this consumer consent crap because it's meaningless to consumers. No consumer benefits from their browsing habits being under surveillance.
Was done before too, but now the websites simply need a banner for using categories of cookies which require it (tracking, marketing, ..)
And we already have GDPR at least limiting activities in a broad sense. (of course lots of leeway, but still much better than before)
You cannot do more with a cookie banner you couldnt already do before.
What do you mean? GDPR allowed for the "unless the visitor agrees" stuff so that's why we see cookie banners everywhere.
I would say it should either be allowed or not, depending on the use case. A navigation app should be able to track your location for the service they provide but not for ads or selling to other companies. Your calculator app has no business even asking. Profile based advertising (rather than content based) should be banned wholesale. That sort of stuff
You do realize you only see the cookie banners because the companies are now forced to show you one? It's not like they started collecting shit only after the GDPR nor is it entirely illegal and unethical to sell user data. The point of the GDPR was to make users aware of which websites are selling which data and give them an avenue (be that declining cookies or leaving the site) to prevent that. Corporations then designed their way around the wording of the GDPR to make declining cookies as difficult as possible which is why we're seeing this push for a revision now. The goal still isn't to make user data based financing impossible, it still is to prevent users from being pushed or bullied into selling their user data against their will.
That should be the goal. This cannot be left to individual consumer choice, is what I'm saying. The annoying cookie banners should be a wake-up call for regulators that the "let the consumers decide" experiment has failed.
The cookie banner is only required to store data on the users device. the tracking without is still possible and potentially allowed via legitimate interest.
If they want more they already ask for more outside the cookie banners when they require or want to have your consent (e.g. consent to load content from sources which will transfer your data outside their control e.g. youtube-embedings)
The limitations of whats allowed is already established in the GDPR, so anything you cannot find legitimate reasons for is already not allowed e.g. simply selling your data to other companies (as long as they include PII)
And as coupling is not allowed either its not allowed to couple consent with a cookie banner (which should only be used to ask for permission to store data for purposes which arent required for the usage).
What we do need is to have a technical implementation of the browser to tell the website via standardized methods what is allowed or not.
Eh, I think cookies should just be opt-in unless they're absolutely necessary for the site to function.
Then all cookies will be considered necessary. It's very hard to legislate the edge case.
It's already the case that necessary cookies don't need permission, but websites do not abuse this to not show the prompt. This is because the legislation has teeth.
This is exactly the spirit of the cookie law
Companies already bundle their invasive data collection with necessary features so if you block it than the website just won't work, this would incentivise that behavior if necessary cookies are automatically approved.
Ah yes, the good ol Internet
ExploderExplorer tacticAt least the regulation show us how shady internet is. That banner only shows up if the website is going to use cookies to use your data as a way to make profit. The fact that every website is doing that was eye opening for a lot of people.
Lol I'm a web developer who has put hundreds of those banners on clients' sites. Not as part of some nefarious data-selling scheme, but rather as a shallow tickbox exercise in order to comply with laws about technology they don't understand.
In this case, assuming ignorance over malice is the way to go.
In this case i assume you're an ingnorant developer who didn't thought of better options to comply with the law
In any case you are welcome to make incorrect assumptions, especially if my statement hurt your feelings.
I bet they will keep adding loopholes to keep websites bullying their visitors.
why bother making legal frameworks when you can't enforce them, there are hundreds of thousands of website including very prominent ones that hide the "reject all cookies" button after a second screen prompt. or flat out force you to opt-out of every second cookie category , just so you give up. they haven't been fined. and they know EU authorities aren't bothered either, so they keep infringing on the GDPR.
Lawmaking is a slow and tedious process full of compromises, and the EU is apparently the only governmental body that cares enough to actually do something against the wild west of digital tracking. I for one am happy about that, and contrary to public opinion the GDPR is actually being enforced (albeit not strictly enough).
I saw one that required you to decline every single company that was purchasing marketing data from the site. It was like 300 companies long where you had to click the slider to turn them each off individually.
Sometimes, it’s difficult to discern which setting of the slider is on or off. They use nonstandard colors or don’t explain in text which setting signifies each option.
My biggest qualm is that usually these sites won't save it when you only allow necessary cookies. So they will ask you for every single session until you give in.
There are sites that respect the "do not track" setting of the browser and just display a small timed info on your first visit that cookies have been rejected. Example: geizhals.eu geizhals.de
A start would be to require sites to remember non-consents for at least as long as they remember consents. Why do I have to be asked about cookies by every site every month?
That sort of thing is stored in a cookie.
You don't need permission for that particular one, though, it's site functionality and the user can reasonably expect that that kind of thing gets remembered.
Lots of stuff doesn't need permission, when you're seeing a banner either you're dealing with someone clueless, or they want to track you. Or both, of course.
Web developer here. A “cookie” is just a piece of information stored on your machine. A cookie can be a setting, saved app data, or a tracking id.
The reason you keep seeing the banner is because by saying “no” to cookies, you’re telling them they don’t have permission to store ANYTHING on your computer. Which is fine. Your computer your call.
But if they can’t store anything on your computer, there’s no way to remember that setting next time you come to the website. No local setting storage means they don’t have the stored “no cookies” setting to load. Likewise there’s no tracking id they could potentially look your setting up in their own database by.
Web site requests are “stateless”. That means that, to a web server, each and every single request to a server is its own brand new, separate connection with no link to any other connection. The only way to share data between individual requests is via some kind of stored “state”. That state can come from your computer in the form of cookies, or from the server in the form of sessions. But linking a connection to a session requires your computer providing a session id; and guess how your computer has to store a session id? If you guessed “in a cookie” you win.
Are cookie popups annoying? Oh holy Christ yes, both from a web user standpoint and from the stand point of having to implement them as a developer. But by outright rejecting cookies (and/or auto-wiping your cache/cookies when you close the browser), you’re telling the website it’s not allowed to store your preferences for not having cookies and eliminating the websites ability to recall that preference at all.
That's not how the regulation works. You don't need to ask for permission to remember settings the user actually set themselves. Those companies don't want to remember.
Another web developer here, that is how the California and European rules are interpreted. If we're acting in good faith we do not store anything.
Maybe you can find a way to argue user settings and session cookies don't require consent, but I am not a lawyer and I err on the side that doesn't put me out of business.
It's not about "finding a way to argue", but "follow the law". Which means "analyse every data point and categorise it". When you do that for remembering cookie settings, going down the three-part test, 1) The purpose of not annoying users is legitimate, 2) It is necessary to store a single boolean for that, 3) Balancing: As our previous analysis left us with a single boolean we simply note that that's not personal data.
This kind of stuff shouldn't be done by lawyers but your data protection officer. Random lawyers will have all kinds of crazy opinions about the regulations because they don't understand that area of law enough to interpret it. Heck your run off the mill US lawyers won't even understand European legal theory enough to understand it. Data protection officers, however, are trained and certified to do exactly those calls.
I don't know about education in the US but back in the early 00s, when I was still polishing lecture hall chairs with my butt, data protection was part of the mandatory curriculum. Not an official certification, but like 80% of what you needed to know to pass a certification test, and about 500% of what you need as a developer, which is spotting when something should get looked at.
As to putting you out of business: Even if my analysis was wrong (it isn't), this isn't "fine into bankruptcy" but "polite letter" territory. All those companies using dark patterns in cookie banners, OTOH, are risking serious action. It could even be argued that not remembering accept/reject settings is in itself a dark pattern, but again that would be "polite letter" territory.
I know how HTTP works. These banners are supposed to (and are legally allowed to) store a cookie saying you have refused. Websites are allowed to store session cookies with displaying a banner at all.
No cookies storing your answer
No, they set a cookie to store it, but with a low retention period, so you get bugged again.
Because you are cleaning your cache/cookies and wiping out the record of your selection, or outright rejecting them so they are never saved to begin with.
A serious law would be like (but in legalese):
That is actually really close to what is present now. The EU never said "use cookie banners" but rather "if you really want to track people, they have to say yes". And most commercial websites decided to make it hard to say no, now everyone blames the EU for doing so. Your second point is not yet implemented, this would be really good for consumers.
They never should have made opt-in an option in the first place. All the legitimate reasons to store data are already permitted without asking permission (required for the site to function, or storing data the user specifically asked the site to store such as settings). All that's left is things no one would reasonably choose to consent to if they fully understood the question, so they should have just legislated that the answer is always "no". That plus a bit more skepticism about what sites really "need" to perform their function properly. (As that function is understood by the user—advertising is not a primary function of most sites, or desired by their users, so "needed for advertising to work" does not make a cookie "functional" in nature. Likewise for "we need this ad revenue to offer the site for free"; you could use that line to justify any kind of monetization of private user data.)
There is a fine and impossible to hit line that businesses have their own interest of surviving and should be able to use data. Like making better suggestions or tracking whether certain changes in their homepage work. This is not required for functioning but vital to companies for succeeding and giving you a better product. However, this should only be done on one site at a time, cross-site tracking oe fingerprinting is what sucks and allows data brokers to exist in the first place.
No lawyer can hammer into law, what a site needs to function, as it differs by site and is flexible in what people think is necessary. But your examples are good in that they show how sites go way too far to justify their over-the-top tracking. Maybe there really is an easy way to write it in "legalese", but I don't see it yet. But I am fully on your site, the current behaviour and practices are bad and unclear for customers.
Seriously I hate how disabling cookies is a hassle that you have to do on a seperate settings site... Where you get another cookie banner obstructing half of the settings
Sounds like the current law, except for the last point. The problem is with enforcing compliance.
And you know what? That’s cool. They’re not doubling down, they’re not staying the course. I’ve spent a lot of time in the EU and yeah, those cookie pop ups absolutely are annoying, but as a US citizen it’s a reminder of how the EU is trying to protect its citizens, FBFW, how the US is still bending to corporatocracy, and I am simultaneously envious and annoyed as I click “Alle Ablehnen”.
Just don't remove it entirely, currently companies will at least pretend to comply.
bEFORE yOU cONTINUE tO gOOGLE sure is annoying though.
Remove banners, just make the companies respect the browser setting.
Please do remove it entirely.
I manufacture data about myself. Businesses want to collect this data for their commercial benefit and profit, without paying me. Cookie splash screens almost provide a method for this to happen legitimately, while still not providing me fair consideration.
Businesses should be prohibited from collecting user data, from taking value, without paying for it.
How could you enforce a ban on any kind of user data and how could such a compensation system even work?
A ban wouldn't work, because data collection is endemic. The cat is out of the bag.
Compensation could work through legislation and a commercial structure that dictates how things should be bought and sold. In Germany, rent is decided by the local town hall (Rathaus) on a per square metre basis. Such a system is not without flaws, but it's better than unfettered abuse by those who have against those who have not.
I don't know where you have your ideas about Getman rent from but I assure you that, barring some rent-control, the German rental market is free.
All of these comments that say different things, but all sound like "just do X, I'm an expert in EU laws and their theoretical consequences". It's as simple as that, is it? Wonder why nobody thought of that before.
Admittedly, but I for one can say with justified self-reliance that I expected this outcome even before the directive was in force.
Nice
Oh. Someone at the EU Commission started to use websites? 🤔
OH THANK f'ING GOD
I actually just landed in the EU for the first time since 2014, and i'm honestly quite pleased with the notifications i'm getting (albeit not the ones discussed here). The first time I opened AirBnB since landing, it asked me permission for all the data it wanted to collect for targeted advertizing, and I was actually able to turn off most of it. I wish the US had the same.
The website popups are quite annoying, but those are easier to control anyway by picking better browsers and extensions.
Ban adtech
Adtech is in another US
Common European Union W
Ah. I wasn't aware of that. Thanks!
Because asking nicely and hoping always worked that well...
About time. Last time I pointed out the uselessness of cookie banners, the reddit hivemind downvoted me to heck.
Cookie Monster approves.
Finally. They are total bullshit.
This is the worst output of EU regulation ever. How has it taken them so long to realise it's annoying?! Don't they use the internet in Brussels?
You dont need a cookie banner if you dont want to invasively track the users.
So its really the fault of the websites for wanting to use categories of cookies which do require a banner (ad and tracking).
Indeed
Plenty of websites that don't have a cookie banner like Wikipedia and Lemmy. And both of them are completely legal.
It is only after the cookie banner that we now know how many websites are actually selling our data, turns out it is the grand majority of them.
No, selling would also not be allowed via a cookie banner as the cookie banner doesnt address that.
GDPR already doesnt allow usage of PII which you cannot find legitimate reasons for. Just selling PII is never allowed as you will not find a legitimate reason for doing so.
But the cookie banner can allow more invasive tracking via setting tracking cookies which can be covered under legitimate interest for the operator of the website themselves.
You must hate your doctor for giving you the diagnosis of your illness :P