187
submitted 6 days ago by Zerush@lemmy.ml to c/privacy@lemmy.ml

The European Commission aims to reform the EU's cookie consent rules that have cluttered websites with intrusive banners asking for permission to track user data[^4]. The initiative seeks to streamline data protection while maintaining privacy safeguards through centralized consent mechanisms[^4].

Cookie consent banners emerged from the ePrivacy Directive (Cookie Law) and GDPR requirements, which mandate websites obtain explicit user permission before collecting non-essential data through cookies[^17]. Current rules have led to widespread implementation of pop-up notices that interrupt user experience and often employ confusing interfaces.

The proposed changes reflect growing recognition that the existing approach has "messed up the internet" while failing to provide meaningful privacy protection[^4]. Rather than requiring individual consent on every website, the Commission is exploring solutions like centralized consent management to reduce banner fatigue while preserving user privacy rights.

[^4]: Ground News - Europe's cookie law messed up the internet. Brussels wants to fix it.

[^17]: Transcend - Cookie Consent Banner Best Practices: Optimizing Your Consent Management Experience

[-] ExcessShiv@lemmy.dbzer0.com 190 points 6 days ago* (last edited 6 days ago)

The law didn't mess up the internet, asshole business owners with their bullshit malicious compliance (and spineless devs enabling them) messed up the internet.

[-] ShortN0te@lemmy.ml 81 points 6 days ago

Yep, there even was a standard that would have been sufficient, Do Not Track. https://en.m.wikipedia.org/wiki/Do_Not_Track

[-] mic_check_one_two@lemmy.dbzer0.com 65 points 6 days ago* (last edited 6 days ago)

Even worse, many data agencies will use the Do Not Track flag as an additional datapoint to add to your fingerprint.

This shit should be mandated, with strict “the company has been burned to the ground and the ashes have been salted” levels of penalties for violating it.

[-] HairyHarry@lemmy.world 22 points 6 days ago

This! A thousand times THIS!

This is also evidence they never wanted to implement user protection.

[-] wizzor@sopuli.xyz 19 points 6 days ago

For the life of me I do not understand how this was not all it took.

[-] communism@lemmy.ml 34 points 6 days ago

It wouldn't be hard to add a clause mandating that websites provide an easy-to-access "reject all" button that actually rejects all cookies.

[-] lemming@sh.itjust.works 19 points 6 days ago* (last edited 6 days ago)

Unless I'm very mistaken rejecting all cookies must not take more clicks than accepting them. Too bad nobody enforces that...

[-] comrade_twisty@feddit.org 9 points 6 days ago

Too many websites like almost all US local news outlets and businesses like Home Depot just block all EU and Swiss IP addresses, which really sucks for a multitude of reasons.

[-] KSPAtlas@sopuli.xyz 7 points 6 days ago

I'm seeing more and more of this "pay to reject" thing and it's really annoying me

[-] chgxvjh@hexbear.net 8 points 6 days ago

Arguably ePrivacy and GDPR require a reject all button.

[-] ReversalHatchery@beehaw.org 2 points 6 days ago

I'm pretty sure the law already said that the reject button cannot be more convoluted to access than the accept button; corporate websites just couldn't care less.

[-] PumpkinSkink@lemmy.world 29 points 5 days ago

Just mandate a single button to reject all cookies and that the default be "reject all" if users skip the banner.

[-] Ferk@lemmy.ml 5 points 4 days ago* (last edited 4 days ago)

That doesn't work, because rejecting all cookies means it's impossible for the page to remember whether you skipped the banner.. so the result is that the banner will always show.

The real solution would be to have this be a browser / HTML standard. Similar to other permissions managed by the browser (like permission to get camera/mic, permission to send notifications, etc).. then each browser can have a way to respond to these requests for permission that we can more fully control/customize.. with a UI owned by the browser that is consistent across websites and with settings that can be remembered browser-side (so the request can be automatically denied if that's what you want).

[-] RichardDegenne@lemmy.zip 4 points 4 days ago

The law only concerns cookies that are not strictly necessary to provide a service.

So the cookie to remember that you denied all non-necessary cookies could be seen as necessary and thus not require your consent.
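
Added example, not part of the thread or any commenter's code: a server-side routine showing how a refusal can be remembered with a cookie that holds no identifier, and how the banner can be skipped when the browser sends `DNT: 1` or `Sec-GPC: 1`. The cookie name `consent_choice`, the category names and the choice to treat those headers as a refusal are assumptions made for this example.

```javascript
// Added example: cookie name "consent_choice" and category names are assumptions.
const CATEGORIES = ["necessary", "statistics", "marketing"];

// Parse a Cookie request header into an object; malformed pairs are skipped.
function parseCookies(header = "") {
  const out = {};
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i < 1) continue;
    out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

function result(allowed, showBanner, setCookie) {
  return { allowed, showBanner, setCookie };
}

// Decide which cookie categories may be set and whether to show a banner.
// headers: lower-cased request header names mapped to values.
function decideConsent(headers) {
  const stored = parseCookies(headers["cookie"])["consent_choice"];
  const browserOptOut = headers["dnt"] === "1" || headers["sec-gpc"] === "1";

  // Browser-level signal: treated here as a refusal, so no banner is needed.
  if (browserOptOut) return result(["necessary"], false, null);

  // A stored choice is honoured only if every entry is a known optional category;
  // a tampered or unknown value falls through to the default below.
  if (stored !== undefined) {
    const chosen = stored === "none" ? [] : stored.split("+");
    if (chosen.every((c) => CATEGORIES.includes(c) && c !== "necessary")) {
      return result(["necessary", ...chosen], false, null);
    }
  }
  // No signal and no valid stored choice: default to refusal and ask once.
  return result(["necessary"], true, null);
}

// Record a refusal. The value is the literal "none" with no identifier in it,
// so the cookie remembers the choice without singling out the visitor.
function rejectAll() {
  const cookie =
    "consent_choice=none; Path=/; Max-Age=15552000; SameSite=Lax; Secure";
  return result(["necessary"], false, cookie);
}
```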

[-] Ferk@lemmy.ml 1 points 4 days ago* (last edited 3 days ago)

@PumpkinSkink@lemmy.world said "reject all", not "reject optional cookies" or "allow essential". If the website offers a "reject all" button (which many do, even if that's not mandated by the law), it actually does reject even the essential cookies. In my experience, the times I've chosen to press such a button, it always results in the banner showing again if you refresh the page.

And "Could be seen as" is subjective too. They could argue that having the banner, even if inconvenient, does not really break the website. They can also easily argue that since the point of the law was to get them to request consent then they are actually being even safer in terms of compliance by asking more.

Also, I still would rather have the possibility of no banners, not even the first time I open the page. The configuration from the browser following the standard could set a default for all websites and potentially avoid the popup to begin with. Then the responsibility would be with the browser, not the website.

[-] RichardDegenne@lemmy.zip 1 points 3 days ago

> I still would rather have the possibility of no banners, not even the first time I open the page.

Oh that's entirely possible, even with the current law as it is. All the developer has to do is to stop using cookies for anything that is not related to the functionality of the website.

But of course, the adtech bros won't give up on their precious tracking, so they'd rather try and shift the blame with an empty argument along the lines of "Hey, the bad EU law is forcing us to bother you."

[-] Ferk@lemmy.ml 1 points 3 days ago* (last edited 3 days ago)

Yeah, that's why I'm saying that the current solution does not work. It's why I was proposing a new standard that is enforced by law and that does not depend on subjective definitions of what's "essential" so anyone who does only want to allow certain purposes can opt in/out of certain cookies without the hassle.

[-] imdc@lemmy.ml 50 points 6 days ago

Think they can ban the "pay, or let us track you" tactic I've been seeing pooping up too? That's fucking extortion.

[-] Opisek@lemmy.world 13 points 5 days ago

It is already illegal, but nobody is doing anything about that.

[-] Raiderkev@lemmy.world 2 points 5 days ago

That's gross man. Where's it pooping up so I can avoid it?

[-] jokeyrhyme@lemmy.ml 51 points 6 days ago* (last edited 6 days ago)

Instead, ban the collection of non-essential data, and also ban the targeting of advertisements based on user profiles/history

Only select advertisements to display based on the immediate context, exactly like printed newspapers and magazines

[-] Zerush@lemmy.ml 6 points 5 days ago

That is the right way. Ads are a legitimate way to generate income if they are contextual, but not if they are abusive and surveillance-based, tracking and logging the user's activity. As on YT, the problem is not having ads on the page or as a banner at the border of a video; the problem is that they interrupt a concert documentary with several long, unskippable ads, popups to use Premium, clickbait and other crap, which serve nobody, even less the author. In this case using an adblocker is mere self-defense and legitimate, to cut this crap and these nags. A good way is, e.g., how Bandcamp does it: there you can freely listen to almost every song or album, without ads, and there you can buy and download it when you want, paying directly to the artist and a revenue to Bandcamp. Or as Vivaldi does, using affiliate links and search engines added by default, which pay a revenue to Vivaldi if the user uses them; the user is free to delete those he doesn't use. These and similar methods are a legitimate and ethical way to generate income, without putting the user's right to privacy at risk by selling his data.

[-] irotsoma@lemmy.blahaj.zone 29 points 6 days ago

Problem is not the law, but that the companies implemented it in as annoying of a way as possible to get people pissed off about the law and force it to be dropped, or for what actually happened which is that it's too much work to not opt-in to the cookies which essentially makes it opt-out not in.

And the idea to remove the requirements for "simple statistics" or whatever terminology they use will just get abused by using other illicit tracking tech to link the cookies to uniquely identify a person anyway. So it will effectively make the popups unnecessary in any circumstances and still allow tracking for marketing and surveillance.

[-] aeternum@lemmy.blahaj.zone 5 points 6 days ago* (last edited 6 days ago)

Some websites do it right. They have a "reject all" button, and that's that. But then there are others where you have to deselect a whole shit load of checkboxes just to reject the fucking cookies. Sometimes they even have a "Pay to reject" shit. WTF. Ugh.

[-] quick_snail@feddit.nl 2 points 5 days ago

The law requires them to make a one button option to deny all.

Google got fined millions of dollars for making it two clicks. And then they changed it to one click "reject all" after that.

[-] Truscape@lemmy.blahaj.zone 35 points 6 days ago

Ublock Origin's "Cookie Notice Filter + Annoyances Filter" combo stays winning as always :)

[-] Zerush@lemmy.ml 3 points 6 days ago

Yes, the Vivaldi blocker also uses the same filter, but as said, it skips the popup only after a second, when it has finished loading. This filter list is also used by almost all adblockers (Adguard, Adblock Plus, uBO Lite and others, as well as specific extensions like 'I Don't Care About Cookies' and others). This is because these popups, apart from being annoying, are useless.

[-] m33@lemmy.zip 19 points 6 days ago

It’s funny, this is how you see how politicians act when they are personally involved.

Cookies and banners annoy the shit out of them, so they actually do something.

They don’t care about the internet.

[-] HubertManne@piefed.social 9 points 5 days ago

This is like one of the only banner type things I like.

[-] funkycarrot@discuss.tchncs.de 3 points 4 days ago

I can hear the lobbyists (both civil society and big tech, mainly the big tech ones) marching towards Brussels right now. This will be as heated as the Digital Markets Act.

Fighting is expected to flare up again next year, when the Commission wants to present an advertising-focused piece of legislation called the Digital Fairness Act. The executive has stated that the rulebook will help protect consumers online, including from manipulative design or unfair personalization.

[-] chgxvjh@hexbear.net 13 points 6 days ago* (last edited 6 days ago)

Just make companies respect the do not track flag I can select in the browser.

> Denmark (currently presiding over meetings in the Council of the European Union) suggested in May to drop consent banners for cookies collecting data “for technically necessary functions”

That already doesn't require consent

> or “simple statistics.”

Also doesn't require consent, when the statistics are anonymous.

[-] socsa@piefed.social 5 points 5 days ago

The idea that there are "essential" cookies is what broke the law. There is no such thing, there are only cookies which would mildly confuse the average user if they weren't present. People should still have the option to opt out of these cookies as well.

[-] groet@feddit.org 18 points 5 days ago

That is factually incorrect. Many websites would literally stop working. Not "mildly confuse", but "be unusable".

You ever logged in to a website? That's a cookie. Ever used an online shopping cart? That's a cookie. Ever changed a website's language in a dropdown? That's a cookie.

All these cookies are first party. There are also essential third party cookies for things like SSO ("sign in with google/Facebook/github/etc")

Tell your browser to reject 100% of cookies and tell me how much fun that is.

"Legitimate Interest" is the bullshit term. Why does an ad company have a legitimate interest to my data? That should be removed from the law.

[-] Ferk@lemmy.ml 3 points 4 days ago* (last edited 4 days ago)

"Essential" is still very vague. All purposes should be categorized. If used for session/identity, then it should be categorized as "session/identity", there should not be a category defined as "essential".

You can also make a karaoke page that does not work without access to the microphone, but still the browser has a dedicated permission request for this, it does not get mixed up into a bucket of generic "essential" permissions only because that page doesn't work without using the microphone.

There should be a whole HTML standard similar to the Notification.requestPermission() (which requests permission to send browser notifications), but with a granular set of permissions for storage of data for different purposes.

And this should be a browser standard, not a custom popup in the logic of the website itself that will be styled differently on each page, allowing all sort of anti-patterns. I should be able to control, from the browser, what the defaults should be for each individual category of data, without having to click through every single website I visit individually. The UI to request for consent should be controlled by the browser, not by the page.

[-] kepix@lemmy.world 4 points 5 days ago

just use consentomatic plugin

[-] interdimensionalmeme@lemmy.ml 3 points 5 days ago

This is like when legislatures were made to ban plastic straws by the oil and plastic companies.
They knew the backlash would teach legislature to stop meddling in their affairs.

this post was submitted on 22 Sep 2025
187 points (95.2% liked)
