191
Europe’s cookie law messed up the internet. Brussels wants to fix it.
(www.politico.eu)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 22 Sep 2025
191 points (95.3% liked)
Privacy
42146 readers
1930 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
The idea that there are "essential" cookies is what broke the law. There is no such thing, there are only cookies which would mildly confuse the average user if they weren't present. People should still have the option to opt out of th se cookies as well.
That is factually incorrect. Many websites would literally stop working. Not "mildly confuse", but "be unusable".
You ever logged in to a website? That's a cookie. Ever used an online shopping cart? That's a cookie. Ever changed a websites language in a dropdown? That's a cookie.
All these cookies are first party. There are also essential third party cookies for thing like SSO ("sign in with google/Facebook/github/etc")
Tell your browser to reject 100% of cookies and tell me how much fun that is.
"Legitimate Interest" is the bullshit term. Why does an ad company have a legitimate interest to my data? That should be removed from the law.
"Essential" is still very vague. All purposes should be categorized. If used for session/identity, then it should be categorized as "session/identity", there should not be a category defined as "essential".
You can also make a karaoke page that does not work without access to the microphone, but still the browser has a dedicated permission request for this, it does not get mixed up into a bucket of generic "essential" permissions only because that page doesn't work without using the microphone.
There should be a whole HTML standard similar to the
Notification.requestPermission()(which requests permission to send browser notifications), but with a granular set of permissions for storage of data for different purposes.And this should be a browser standard, not a custom popup in the logic of the website itself that will be styled differently on each page, allowing all sort of anti-patterns. I should be able to control, from the browser, what the defaults should be for each individual category of data, without having to click through every single website I visit individually. The UI to request for consent should be controlled by the browser, not by the page.