It would be nice if the options weren't like "Enable all cookies" and "navigate 4 menus that try to convince you to enable all cookies."
It would be better if you could set your preference on the browser once and never have to mess with it again unless you want to have exceptions for specific sites
In theory this is done. There is a Do Not Track (DNT) header that is browser defined. Does anyone use it? Do they fuck.
I use it and the browser kindly explained to me that the feature is mostly useless because sites don't give a shit about it.
AFAIK the regulation already says that the "only necessary" should be available with one click. I think the issue is that it's difficult to go after all the small pages that are breaking the law. The big ones like YT of Google already have the 'disable all' button on top, I'm guessing because EU complained.
It doesn't say that it should be available with one click.
It says that accepting should be just as easy as declining. Which also includes things like not being allowed to have a "greyed out" button to reject while the accept button is big and sparkly.
Just make it illegal to sell user data to "data partners", and use cross site tracking.
Nobody actually "consents" to this shit. They just don't read.
I'm not a fan of the cookie consent popups, but I do appreciate the EU actually trying to do something to protect people's privacy. Seemingly the only major entity to do so right now.
A better solution would be to force sites to care about the Do Not Track browser setting that currently does nothing as told by the browsers themselves.
Just add 2 things:
- Cookie settings are possible to set in the browser for all pages.
- There's a reject all button on every cookie banner.
No, just ban the collection of user data and selling to 3rd parties. Enormous fines for anyone still doing it. Destroy this entire industry please.
What's annoying is the "Reject" button hidden on another page. That should be illegal.
And it actually is... Quote from the GDPR:
It shall be as easy to withdraw as to give consent.
Plus the 'legitimate interests' of 3rd parties
Yeah, definition of "legitimate interest" is definitely being stretched well beyond it's breaking point.
It should be just a browser option.
You set cookies on or off, ans the browser sends the option in the headers. Websites just need to take the option from the header instead of a banner.
It already exists and is called "do not track".
Unfortunately by sending DNT you are merely suggesting to the server that you wish to not be tracked. There's no requirement for the server to actually care about you at all.
Now, if DNT were actually legally binding though - that would indeed be very cool.
They should do something about "consent platforms" using various DNS tricks and thousands of domain names to bypass/evade user blocks.
I wasn't so bothered about some non-invasive ads a few years ago, but I absolutely despise any kind of ad now TBH, and it's mainly down to how persistent some of these platforms are with their evasion tactics
Also pretty ironic for their popups to talk about "respecting" my privacy when these platforms literally do the opposite of that to show their popup in the first place. I will not support any of them, in any way, on my network.
As soon as I see a new one appear when browsing, I chuck it into dnsdumpster so it can get recorded with the rest of them, and then block the new list from dnsdumpster (grid icon) on my network.
The EU law explicitly says no consent by default and users have to opt in. All of these cookie banners are breaking the law, the law doesn't need to change it just needs enforcing and these banners will disappear. We already have a do not track header and that could be complied with but it's enforcement that is the problem.
I'd be happy to keep the ones that say:
"we notice you are in europe and we can't use our cookies to track you so you can't come to our website"
It's good to know sites with policies like that to ensure I never visit them.
"It is literally impossible for us not to spy on you or sell your data. Sorry not sorry bye."
What if this wasn't a website issue but a browser one. Browsers invented cookies so browsers should be the ones to implement the banner feature. All Developers would then be forced to implement fallbacks to their cookies since the user could turn cookies off. If it was browser based fix then it would be a consistent UI and developers wouldn't be able to do shady shit(at least with cookie consent is concerned)
Eh, I think cookies should just be opt-in unless they're absolutely necessary for the site to function.
At least the regulation show us how shady internet is. That banner only shows up if the website is going to use cookies to use your data as a way to make profit. The fact that every website is doing that was eye opening for a lot of people.
Lol I'm a web developer who has put hundreds of those banners on clients' sites. Not as part of some nefarious data-selling scheme, but rather as a shallow tickbox exercise in order to comply with laws about technology they don't understand.
In this case, assuming ignorance over malice is the way to go.
Not only are they annoying, they go half way to legitimising the theft of user data.
Exactly. Identify what uses are legitimate and what uses aren't, and legislate directly. None of this consumer consent crap because it's meaningless to consumers. No consumer benefits from their browsing habits being under surveillance.
I bet they will keep adding loopholes to keep websites bullying their visitors.
why bother making legal frameworks when you can't enforce them, there are hundreds of thousands of website including very prominent ones that hide the "reject all cookies" button after a second screen prompt. or flat out force you to opt-out of every second cookie category , just so you give up. they haven't been fined. and they know EU authorities aren't bothered either, so they keep infringing on the GDPR.
Lawmaking is a slow and tedious process full of compromises, and the EU is apparently the only governmental body that cares enough to actually do something against the wild west of digital tracking. I for one am happy about that, and contrary to public opinion the GDPR is actually being enforced (albeit not strictly enough).
Should've just required it to be as easy to opt out as it is to opt in
There are sites that respect the "do not track" setting of the browser and just display a small timed info on your first visit that cookies have been rejected. Example: geizhals.eu geizhals.de
A start would be to require sites to remember non-consents for at least as long as they remember consents. Why do I have to be asked about cookies by every site every month?
A serious law would be like (but in legalese):
- By default you CANNOT use tracking cookies
- If you want to use them you should have a Table that classify them based on how much fingerprint do they take
- Then you have to explicitly ask the user in the most clear and unintrusive way possible if you can track them
- And the consent should last 30 days max
That is actually really close to what is present now. The EU never said "use cookie banners" but rather "if you really want to track people, they have to say yes". And most commercial websites decided to make it hard to say no, now everyone blames the EU for doing so. Your second point is not yet implemented, this would be really good for consumers.
And you know what? That’s cool. They’re not doubling down, they’re not staying the course. I’ve spent a lot of time in the EU and yeah, those cookie pop ups absolutely are annoying, but as a US citizen it’s a reminder of how the EU is trying to protect its citizens, FBFW, how the US is still bending to corporatocracy, and I am simultaneously envious and annoyed as I click “Alle Ablehnen”.
Technology
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed