Just mandate a single button to reject all cookies and that the default be "reject all" if users skip the banner.
That doesn't work, because rejecting all cookies means it's impossible for the page to remember whether you skipped the banner.. so the result is that the banner will always show.
The real solution would be to have this be a browser / HTML standard. Similar to other permissions managed by the browser (like permission to get camera/mic, permission to send notifications, etc).. then each browser can have a way to respond to these requests for permission that we can more fully control/customize.. with a UI owned by the browser that is consistent across websites and with settings that can be remembered browser-side (so the request can be automatically denied if that's what you want).
The law only concerns cookies that are not strictly necessary to provide a service.
So the cookie to remember that you denied all non-necessary cookies could be seen as necessary and thus not require your consent.
@PumpkinSkink@lemmy.world said "reject all", not "reject optional cookies" or "allow essential". If the website offers a "reject all" button (which many do, even if that's not mandated by the law), it actually does reject even the essential cookies. In my experience, the times I've chosen to press such button it always result on the banner showing again if you refresh the page.
And "Could be seen as" is subjective too. They could argue that having the banner, even if inconvenient, does not really break the website. They can also easily argue that since the point of the law was to get them to request consent then they are actually being even safer in terms of compliance by asking more.
Also, I still would rather have the possibility of no banners, not even the first time I open the page. The configuration from the browser following the standard could set a default for all websites and potentially avoid the popup to begin with. Then the responsibility would be with the browser, not the website.
I still would rather have the possibility of no banners, not even the first time I open the page.
Oh that's entirely possible, even with the current law as it is. All the developer has to do is to stop using cookies for anything that is not related to the functionality of the website.
But of course, the adtech bros won't give up on their precious tracking, so they'd rather try and shift the blame with an empty argument along the lines of "Hey, the bad EU law is forcing us to bother you."
Yeah, that's why I'm saying that the current solution does not work. It's why I was proposing a new standard that is enforced by law and that does not depend on subjective definitions of what's "essential" so anyone who does only want to allow certain purposes can opt in/out of certain cookies without the hassle.
This is like one of the only banner type things I like.
I can hear the lobbyists (both civil society and big tech, mainly the big tech ones) marching towards Brussels right now. This will be as heated as the Digital Markets Act.
Fighting is expected to flare up again next year, when the Commission wants to present an advertising-focused piece of legislation called the Digital Fairness Act. The executive has stated that the rulebook will help protect consumers online, including from manipulative design or unfair personalization.
The idea that there are "essential" cookies is what broke the law. There is no such thing, there are only cookies which would mildly confuse the average user if they weren't present. People should still have the option to opt out of th se cookies as well.
That is factually incorrect. Many websites would literally stop working. Not "mildly confuse", but "be unusable".
You ever logged in to a website? That's a cookie. Ever used an online shopping cart? That's a cookie. Ever changed a websites language in a dropdown? That's a cookie.
All these cookies are first party. There are also essential third party cookies for thing like SSO ("sign in with google/Facebook/github/etc")
Tell your browser to reject 100% of cookies and tell me how much fun that is.
"Legitimate Interest" is the bullshit term. Why does an ad company have a legitimate interest to my data? That should be removed from the law.
"Essential" is still very vague. All purposes should be categorized. If used for session/identity, then it should be categorized as "session/identity", there should not be a category defined as "essential".
You can also make a karaoke page that does not work without access to the microphone, but still the browser has a dedicated permission request for this, it does not get mixed up into a bucket of generic "essential" permissions only because that page doesn't work without using the microphone.
There should be a whole HTML standard similar to the Notification.requestPermission() (which requests permission to send browser notifications), but with a granular set of permissions for storage of data for different purposes.
And this should be a browser standard, not a custom popup in the logic of the website itself that will be styled differently on each page, allowing all sort of anti-patterns. I should be able to control, from the browser, what the defaults should be for each individual category of data, without having to click through every single website I visit individually. The UI to request for consent should be controlled by the browser, not by the page.
Just use Ghostery with never consent? I hardly ever see those things. Other extensions are available.
just use consentomatic plugin
This is like when legislatures where made to ban plastic straws by the oil and plastic companies.
They knew the backlash would teach legislature to stop meddling in their affairs.
I realize that everytime we put their plans to failure, i start to see articles gaslighting new initiatives that puts said plans to failure.
If it put anything in a bad position, its the lack of morality behind the current practices surrounding cookies and tracking thats negatively affected, which means their profit off of us is not in a good posture, which is great for our own private posture.
The law didn't mess up the internet, asshole business owners with their bullshit malicious compliance (and spineless devs enabling them) messed up the internet.
Yep, there even was a standard that would have been sufficient, Do Not Track. https://en.m.wikipedia.org/wiki/Do_Not_Track
Even worse, many data agencies will use the Do Not Track flag as an additional datapoint to add to your fingerprint.
This shit should be mandated, with strict “the company has been burned to the ground and the ashes have been salted” levels of penalties for violating it.
This! A thousand times THIS!
This is also evidence they never wanted to implement user protection.
It wouldn't be hard to add a clause mandating that websites provide an easy-to-access "reject all" button that actually rejects all cookies.
Unless I'm very mistaken rejecting all cookies must not take more clicks than accepting them. Too bad nobody enforces that...
The law should have a bounty for reporting violations and it will basically enforce itself.
Too many websites like almost all US local news outlets and businesses like Home Depot just block all EU and Swiss IP addresses, which really sucks for a multitude of reasons.
Arguably e-privacy and gdpr require a reject all button.
I'm seeing more and more of this "pay to reject" thing and it's really annoying me
Instead, ban the collection of non-essential data, and also ban the targeting of advertisements based on user profiles/history
Only select advertisements to display based on the immediate context, exactly like printed newspapers and magazines
Think they can ban the "pay, or let us track you" tactic I've been seeing pooping up too? That's fucking extortion.
It is already illegal, but nobody is doing anything about that.
Bet the CNIL is.
That's gross man. Where's it pooping up so I can avoid it?
Ublock Origin's "Cookie Notice Filter + Annoyances Filter" combo stays winning as always :)
Problem is not the law, but that the companies implemented it in as annoying of a way as possible to get people pissed off about the law and force it to be dropped, or for what actually happened which is that it's too much work to not opt-in to the cookies which essentially makes it opt-out not in.
And the idea to remove the requirements for "simple statistics" or whatever terminology they use will just get abused by using other illicit tracking tech to link the cookies to uniquely identify a person anyway. So it will effectively make the popups unnecessary in any circumstances and still allow tracking for marketing and surveillance.
The law requires them to make a one button option to deny all.
Google got fined millions of dollars for making it two clicks. And then they changed it to one click "reject all" after that.
Right, but not all have fixed that. I still see lots of cases where I have to turn off several options individually. Though these could be sites outside of the EU jurisdiction, so they just don't care, or sites that make enough money off of the tracking data, that the fines would be insignificant even if the EU were to get around to fining them.
And again the comment stands that it's not the law, but the implementations that are bad. The law requires it to be simple, but that's not what was implemented.
The fines are not insignificant. Report it to the government.
Ghostery is a fantastic Firefox plugin. No more stupid questions.
Some websites do it right. They have a "reject all" button, and that's that. But then there are others where you have to deselect a whole shit load of checkboxes just to reject the fucking cookies. Sometimes they even have a "Pay to reject" shit. WTF. Ugh.
That's illegal. Report it to the government. Google got fined millions of euros just for making it two clicks on YouTube.
It’s funny, this is how you see how politicians act when they are personally involved.
Cookies and banners annoys the shit out of them, so they actually do something.
They don’t care about the internet.
Just make companies respect the do not track flag I can select in the browser.
Denmark (currently presiding over meetings in the Council of the European Union) suggested in May to drop consent banners for cookies collecting data “for technically necessary functions”
That already doesn't require consent
or “simple statistics."
Also doesn't require consent, when the statistics are anonymous.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)