(no title)

> It's not the EU's fault that you have to click cookie banners. Those banners are only required if a website plans to do malicious things with the cookies.

I just check some web pages from diffrent organs of the EU:

https://commission.europa.eu/select-language?destination=/no...

https://www.consilium.europa.eu/de/european-council/

https://european-union.europa.eu/institutions-law-budget/ins...

They all have cookie banners, some of them are super prominent and annoying. So maybe they as well are doing malicious things, maybe they don't understand they own regulation, or it is just impossible to have a non-trivial web page without a cookie banner in 2023. In either case, the regulation is totally dettached from reality and has become just some ritual.

So the EU should ban the malicious thing, instead of putting that fatigue onto all users everywhere.

They are needed if they do anything with cookies and don’t block EU IP addresses: the laws are quite vague, and interpretation has for been quite broad.

> If they're used to track who's logged in, they are not required.

https://gdpr.eu/cookies/

    To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must:

    Receive users’ consent before you use any cookies except strictly necessary cookies.
    Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
    Document and store consent received from users.
    Allow users to access your service even if they refuse to allow the use of certain cookies
    Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.

If you want to save a person's login to make it easier for them to log in when they come back? That's not strictly necessary - consent is needed. If you save settings to a cookie - that's not strictly necessary - consent is needed. And then there's the "using a cookie to track a session to determine page bounce rate - even if it's not Google Analytics" - consent is needed.

And of course, consent is needed if you are using cookies for marketing.

Malicious and lazy compliance are known problems with regulations that should be accounted for in advance. California's prop 65 passed in 1986, so by the time the EU was working on the GDPR they had more than 30 years of precedent for useless warning labels stamped on everything until they lose all meaning.

Theoretically websites could choose to do better, but the EU should absolutely have predicted this outcome.

>It's not the EU's fault that you have to click cookie banners.

Yes it is.

This is not the interpretation I've been told. All stored things i.e. cookies, local storage, tracking jpegs etc must be described to the user and have an opt out.

No, it's always required.

There are lots of people, myself included, who are aware of how much data big tech has already cultivated on us and don’t give a damn if at this point BBC or Mike’s Bike Blog get in on the action too. Really we just wanted to read our article and not be interrupted, so we can go back to what matters more: anything not on the computer.

I’ve never felt protected or assisted by the cookie banners, just annoyed and inconvenienced.

I’m pretty sure your contact in a major company will be even more shocked if they knew what all these European FinTech companies do with their customer’s data.

All the important things such as purchasing habit that used to require indirect guesses are now directly available in their databases as essential functions.

We don't have a right to privacy in the US.

Making rejecting opt-in cookies more difficult than accepting them is illegal. Fines have already been handed out for this. See https://www.dataprotectionauthority.be/citizen/iab-europe-he... for just one example.

Even Google has a "reject all" button in their cookie prompt these days. If rejecting takes you through multiple layers, consider reporting the website or their tracking partner to your local DPA.

The ad industry is intentionally making their popups as inconvenient as possible. They childishly point to the EU legislation that they "have" to make your life miserable with those popups but they really don't. They can choose to make your life easier, but that threatens their business model of using you and your browser as a source of revenue.

They can simply stop tracking you at all if you send the do not track header. You wouldn't even see the popups! They can even still serve ads, just not the ones based on the profile they've collected.

I think the categories should be:

- Accept all

- Mandatory for function non-tracking cookies only

- Reject all

There should be a standardised browser accessible interface so browsers can automatically choose the one you want on your behalf based on your browser settings.

> Every time it's a different design, different button text, different options

this is on purpose

if you could commit where the Deny button was to muscle memory, you would click it every time

I have hard time believing it is not intentional. I think Europe could easily enforce consistent UI which could be automated through ad blocker, but now they know that most companies would rather stop serving Europe than not track users for ad.

Yeah, I feel like I'm defending democracy and freedom whenever I click on the "Accept All" button. Not all heroes wear capes!

I support your concern that I don't share, so why make me suffer? I tried the "I don't care about cookies" extension but it didn't work for me.

Cambridge Analytica was actually pretty irrelevant.

Why couldn't that have happened in the browser though? We have plenty of mechanisms to block and/or delete cookies.

Essentially, now we're at a state where consent banners exist, slowing down all sites, and there are like four states: a) they look compliant, but are ignored by the website provider (the EU itself takes this approach), b) they are flat out ignored (a lot of companies still take this approach) c) they aren't compliant (tiny "no" link, huge "yes, take my firstborn" link) d) they're compliant and are paywalls (buy subscription or accept everything under the sun).

d) is what we're probably going to end up with, so you either pay or you accept tracking. More and more solutions offer that as an option so adoption will grow. Most people accept tracking (stats that I've seen say that those paying are like 1/10,000th), so what have we won exactly by doing this dance?

>this excessive tracking [by website operators] must be stopped somehow

Easy. Clear your cookies. Use a proxy. Use a fingerprint resistant browser. Will protect against >99% of website operators.

Cookie banner is "meant well, turned out badly" law. GDPR kinda fixes few things with it.

Ideally browser should just send "do not track" and site should fuck off with tracking, no questions asked.

The only thing holding me back from using that extension is

> In most cases, it just blocks or hides cookie related pop-ups. When it's needed for the website to work properly, it will automatically accept the cookie policy for you (sometimes it will accept all and sometimes only necessary cookie categories, depending on what's easier to do).

If there was a way to be assured that 99.9% of the time it hit reject all, instead of accept, I would absolutely use it.

Note that this extension is owned by Avast, which is known to harvest user data; by installing this extension, you allow Avast to harvest all your browsing data.

This should be an option in uBlock (if it isnt already).

Thankfully I don't give them my data. Wish everyone could've done the same, but here we are.

I'm suspicious of regulation until a good case is made for it. I'm suspicious of people whose world view is "we must regulate what others do" as their default position. I'm fine with regulation when there is a proven need for it.

Neither ePrivacy nor GDPR require cookie consent popups, instead they basically say that tracking requires consent. GDPR only mentions cookies once, in its recitals. It's the adtech industry that decided to ignore DNT.

As others have linked, even the European Union organs themselves all show cookie banners.