
Ask HN: Why doesn't GDPR go after web browsers? - Guest9812398
As expected, as of today more websites are displaying complex options for accepting or declining cookies, analytics, and personalized advertising. Wouldn&#x27;t it make more sense if this was asked once by the web browser, and not separately on every website?<p>When you install a web browser it would ask...<p>1. Do you want to allow websites to use third party cookies for analytics? This may share information about your browsing activities with third parties, but help websites better understand how their users are engaging with their service. Yes, I would like to use cookies for this reason. No, I would not like to use cookies for this reason.<p>2. Do you want to allow websites to display personalized advertising to you? This will help to display more relevant advertising by sharing information about the websites you visit online. Yes, I would like the advertising I see to be personalized. No, I would like the advertising I see to not be personalized.<p>And, that&#x27;s it. The regulation could focus on the wording that should be displayed, ensuring it&#x27;s clear, unbiased, and fair. The browser could also allow you to toggle those options individually for websites if you decide not to use the defaults you specified.<p>Wouldn&#x27;t this make sense? We wouldn&#x27;t need to see a popup on every website, and configure these options a hundred times a day as we&#x27;re browsing the internet. If I just want to quickly search for a recipe on Google, I don&#x27;t want to spend 30 seconds going through the cookie settings on the website before I can spend 30 seconds reading the recipe. It&#x27;s also annoying when every website is setup differently, so it&#x27;s hard to navigate these settings and avoid the tactics they&#x27;re using to opt me in.
======
fiedzia
The decision is made with regard to organisation, not medium. You may make one
decision for one website, and another for another. Also different sites have
different options to choose from: some ask you for permission, some have many
variants to offer. Many websites have apps, once you agreed to something via
app, browser settings are irrelevant. What exactly to decide on or agree to
vary by site as well: its not just about tracking and ads. One size does not
fit all.

------
detaro
1\. is pretty much the basic idea behind Do not track headers. Acceptance of
it among websites is... low, and given the history around it its probably not
legally viable to treat DNT: 0 as "I consent to tracking", since there's no
clear standard _what exactly_ it'd be consent for, and no clear way to be sure
that the user has seen enough details about it. (DNT: 1 as "I do not consent"
wouldn't be a problem, but why respect that if you can annoy the user with a
popup and try to get consent anyways?)

But your 2 examples only cover a tiny sliver of what GDPR covers, so no, it
wouldn't make sense for the regulation to be replaced by proposals like this.

Nothing stopping the tech industry to develop standardized mechanisms to
communicate privacy rules though, and use them where appropriate. I haven't
seen much in the way of proposals for this though, I suspect because a fair
implementation of that would have the same issue the advertising industry had
with DNT: don't make it to easy for users to not consent, that's bad for
profits.

~~~
Guest9812398
Why not force publishers to respect the do not track headers, and clarify what
it means to not be tracked? I'm not asking for GDPR to be replaced, and I
understand it covers a much wider range of issues. However, I want to say that
analytics, advertising and cookies are the ones that most affect users, and
are the ones that will be causing the popups everywhere online. I feel this
process should be simplified, users shouldn't need to update these settings
with every website they visit, and we shouldn't trust publishers to be the
ones asking for consent, since they have a high interest in misleading users
and finding creative ways to obtain consent, which we can already see
happening.

As for your last point, there are standards being implemented related to
obtaining and communicating consent
([http://advertisingconsent.eu](http://advertisingconsent.eu)). However, these
standards are being set by the ad networks, and as you would expect, they are
looking out for their best interest and bottom line.

------
supereggbert
It's not just about cookies, tracking and advertising; it's about informing
the user about what will be done with their data, its retention periods and
reasons for holding/collecting/processing the data. This will be site
dependant, so can't really be generalised in the way you suggest. eg a
manufactures website may say they hold your data for 6 years in case of a
product recall but an online shop might only hold your data for 12 months for
the purpose of returns, so it'll be different permission in each case.

