
Sick of cookie banners and popups? They’re all changing, again - oliveremberton
https://silktide.com/blog/2019/sick-of-cookie-banners-and-popups
======
pergadad
The article omits the really obvious solution: don't use all these cookies on
your site. Many of us use google analytics for convenience but in reality
there's really no reason for it on most sites. Basic login or technical
protection measures are all perfectly fine - so storing an IP to make sure
you're not getting ddosed is not an issue.

This law is not aimed at the average homebrew website or restaurant menu page
- it's for the big abusers, like Google.

~~~
oliveremberton
"It's for the big abusers, like Google".

If the law actually said that, it would be great.

You never want laws to be ambiguously applied and to presume exemption because
"it wouldn't happen to me". People will abuse laws: there will be spam scams
aplenty selling snake-oil solutions, and ambulance chasers threatening to sue
companies because they can. Excess legislation comes at a cost.

I am in favour of better privacy but I fail to see how counting unique
visitors on a blog should become a crime. By setting the standard that
everyone is violating the law, you encourage everyone to ignore your law.

------
pjc50
Their infographic is hilarious:
[https://silktide.com/images/uploads/images/Cookie-Law-
infogr...](https://silktide.com/images/uploads/images/Cookie-Law-
infographic.png)

But I can't see this changing in the medium term without some high-profile
fines; someone needs to fine a major media company or similar simply for
having Google analytics enabled. Then everyone will shout about their world
collapsing, and try to find new forms of allowed dark pattern.

Really the only way to get out ahead of this mess would be to "lean in" and
make a browser-level technological mechanism for providing consent. Maybe
standardise the "session cookie" somehow, so all the required functionality
can hang off that.

~~~
datenhorst
> But I can't see this changing in the medium term without some high-profile
> fines

I'm counting on the German cease-and-desist industry to kick-start that - now
that I think about it, I'm actually surprised it has happened yet.

~~~
y4mi
It hasn't happened because it only works against private people which can't
afford good legal representation.

Their entire 'industry' is just shitting on people in the lower middle classes
and below for a few hundreds bucks per case.

With this they'd actually have to represent in court for every case. It's
easier for them to just keep leeching of people that can't fight back

~~~
germanier
There is a healthy cease-and-desist industry working in the field of online
shops. I wouldn't classify their owners as lower middle class. You are right
that a lot of cases go to court but they often side with the one sending the
letter.

~~~
y4mi
You mean the shops run by a single person, often as secondary income besides
their day job? Yes, I consider them middle class.

It's very rare that they sue a gmbh or ag. They generally only go for soft
targets

------
RenRav
This will be annoying if every single website spams permission requests on
first visit.

I hope that if I say 'No' on one website to doubleclick, adwords, analytics,
etc, those aren't going to just reappear for every other website.

If it's purely something each website is implementing, that won't happen, so
I'm looking forward to some standard that all browsers will use.

The UK could have just developed their own adblocker or educated everyone
about adblocking, cookie blacklisting, browser settings, anything would be
fine.

Do you think the average visitor will take time to go through each message and
only enable 1st party services required for the website to function? Just like
the annoying cookie banner, people will quickly become blind to that section
of the screen and spam click on whatever appears just so they can get rid of
it and read the page.

------
Jazgot
In my opinion the ability to give consent for cookies or anything else should
be standardised part of browsers and another W3C standard. This should be
integral part of browser, the same way as for consent for camera or microphone
use.

------
kd5bjo
> It’ll likely take heavy fines before people will care to go through the
> whole process of “cookie-lawing” and “GDPR-ing” their websites again.

This line is a bit disingenuous, as all of these guidelines are simply what
“GDPR-ing” was supposed to be in the first place. Any website owner that
contracted for someone to make their website GDPR-compliant that runs afoul of
these rules should insist on getting their money back.

------
tinus_hn
There is a setting for Google Analytics which makes it pinky promise to not
store too much information and with that setting you don’t need banners.

~~~
Nextgrid
Would you trust that promise coming from a company whose bottom line relies on
violating such promises?

~~~
tinus_hn
It’s not about you trusting them, it’s about satisfying the requirements of
the law.

~~~
Nextgrid
If you don’t mind letting a malicious company stalk your users then by all
means go and “satisfy the requirements of the law”.

~~~
tinus_hn
Obviously around 0% of website owners do as they had to be forced into not
pushing tracking cookies onto you by default. The decision is not mine to make
as a user.

------
s188
This is a good thing. And there's probably still some way to go with this. A
step-by-step approach makes sense to me. Sure it's a nuisance for developers
(although I'm certainly not complaining about the extra work) but it's better
for users to see regular progress regarding their privacy. Surveillance
capitalism has gone a bit crazy over the last decade and lawmakers are
steadily reeling it back in. I fully support the ICO's recommendations

~~~
DocTomoe
: but it's better for users to see regular progress regarding their privacy.

First and foremost, it will desensitize people about these messages, until
they habitually click on everything presented to them.

... including giving away the title to their soul.

------
Nextgrid
This is nothing new. These guidelines reflect the GDPR’s intent and everyone
had 2 years to prepare for it before it went into effect.

~~~
aiCeivi9
They are in effect and everyone breaks them. I guess we need to wait for first
"cookie" fine for any panic/changes to happen.

~~~
holstvoogd
yep, I work at what is a processor in terms of the GPDR and made a action plan
of how we should comply and help our customers to comply. Guess how much of
that got done? Absolutely nothing. But of luckely we have quarterly meetings
to how to improve out compliance etc, of which we have so far had none.

The trouble is that the industry seems to focus more on what they can get away
with then what they need to change. Even the GPDR consultants/privacy lawyers
focus not on what is required by law, but on how to circumvent as much of it
as possible.

All 'BeCAUse iT Is sUcH a drACOnian LaW' \- Well guess why that is the case.
We keep perverting it in the name of marketing. It's just a race to the bottom
in the end.

~~~
pintxo
Part of the problem is the missing fines:

If there is no regulatory punishment for ignoring the law, than any
organization following the law actually has a commercial disadvantage against
all the opponents not following the law.

That's way no one is willing to follow the rules. Legal requirements that do
not get enforced are just meaningless.

