Hacker News new | past | comments | ask | show | jobs | submit login

To add insult to injury the big players with most trackers just refuse to show the cookie warnings at all. At least that's the situation Germany where most major news outlets are full of ads and trackers and handle all of it via opt-out(!) in the privacy policy. For a example see spiegel.de, the most widely read German-language news website.

It's mostly small and medium sized firms that show the cookie warning out of fear. That's completely the opposite of what I want as a consumer as well as a small-time webmaster.

EDIT: Just to be clear: spiegel.de never shows a cookie warning even if visit with a fresh browser. You can opt out by visiting their privacy page [1] (in English).

[1] http://m.spiegel.de/extra/what-we-do-with-your-data-a-121194...




Anyone who didn't see this as the predictable end-result of requiring cookie awareness and consent was hopelessly naive about how large vs. small organizations respond to unfunded government mandates.

The money and time could have been a lot better spent on international awareness campaigns arming consumers with more privacy knowledge instead of expecting website owners to shoulder the informational burden (because those orgs in aggregate have no core incentive to treat user's privacy as an inherent good).


These organizations do have such an incentive. The very essence of GDPR is to create these incentives. The EU's goal with GDPR was to make user data a liability, and to encourage organizations to reconsider their need to hoover and hoard it.

The GDPR is unlikely to be overturned, and there are plenty in the EU who are eager to enforce it. Just because it's not being enforced right this second doesn't mean the law won't catch up to offenders.

Especially if Margrethe Vestager replaces Jean-Claude Juncker as president of the European Commission, you can expect a ton of action on this front.


> Especially if Margrethe Vestager replaces Jean-Claude Juncker as president of the European Commission, you can expect a ton of action on this front.

the odds of this are essentially zero

she's in a minor EU party and her own country won't put her forward as candidate


> there are plenty in the EU who are eager to enforce it

But we haven't yet seen it enforced, have we?



we have definitely seen movement (plenty of data protection authorities have issued warnings), but it really hasn’t been that long (it’s been less than a year)

the only way that a law like the GDPR that’s purposefully vague and broad can work is to allow plenty of lead time for warnings and fixes before fines

it’s a process; you shouldn’t expect it to change everything overnight


>The EU's goal with GDPR was to make user data a liability, and to encourage organizations to reconsider their need to hoover and hoard it.

And as a consequence we're going to continue sinking into irrelevance.

>The GDPR is unlikely to be overturned, and there are plenty in the EU who are eager to enforce it.

I think it will be overturned a couple of decades from now, when an economic crisis hits and we find that we've fallen significantly behind other countries due to our fear of technology.


"The market is the solution". Er nope.


This is not the end-result at all. It is an intermediate result. European data protection agencies will start handing out fines, then courts will start ruling, and in a few years we will see the end-result.

My prediction is that these Cookie shenanigans will be ruled as illegal according to GDPR, and then they will disappear.


I’ve been hearing this since 1997 when the first Data Protection directive happened. The enforcement never happens unless it’s serving a political goal, such as singling out a Chinese company or whatever.


GDPR is the result of many lessons learned in prior attempts. The EU Commission put particular attention on not repeating the mistakes being made in the Cookies directive, which rendered it essentially useless and only annoying.

Fines are to be handed out by the national data protection agencies. In Germany, the data protection agency regularly goes after violators since the 1990s. They audit German administrations and companies with respect to data protection, and request changes where necessary. See here for yearly reports of one of the state agencies: https://lfd.niedersachsen.de/startseite/allgemein/taetigkeit....

So at least for Germany there is no foundation for your claim.


I have to concede that German regulators have set the pace, but the penalties are still negligible on the global or even regional scale. If every member state went in with as much conviction as Germany, we might see some results after two decades of mostly-empty promises.


Too bad that the EU has yet to learn what collateral damage is.


It’s rather obvious it learned nothing. After seeing cookies banners, it was entirely evident and predictable that GDPR will result in more aggressive banners.

Which it, surprising no one competent, did.


There's one important caveat you're missing: the vast majority of these cookie banners are illegal under GDPR. So yes, it's rather obvious the EU learned a lot.

The law forbids dark patterns, coercing into accepting, delegating opt-outs to third party sites, and requiring collection of more data than is strictly necessary to operate the site.


This. Completely this.

Thank you


>players with most trackers just refuse to show the cookie warnings at all

The results of the legislation -in regard to cookies- are inconsistent, annoying, unevenly enforced, create a moral hazard and two-tier system, and I presume have negative overall utility.

This is why I do not consider the law to have been written with good intentions. The intentions were claimed to be good, but I don't see the lawmakers having had put in the necessary effort to ensure privacy improvement. Nor admit there are shortcomings to the legislation that need either fixing, or perhaps scrapping the legislation. Did they really intent on exerting enough effort to write the legislation well? To shoulder blame if it does not work out? To take the responsibility? Or to shore it up as situation develops?

Right now I perceive the cookie warnings to be merely EU's advertising banners - "Heeey, this is EU taking care of you!" - plastered all around the web just like banner ads used to be plastered all over the web. Morally the same - pompous self promotion, except paid for with legal rubberstamp rather than money.


Popped in a complaint to your local data protection body?


That's a lot of tracking, uBlock blocks 13 domains before even loading google tag manager.


Spiegel.de also sometimes refuses to serve you content if you have DNT flag set which in theory would be a convenient way of getting rid of cookie banners.


Can somebody explain how Der Spiegal does this legally? If they can do it, maybe others can use the same justification.


There is a window now when players can argue that the regulation text isn't clear (it is). Let's hope regulators pick a few high-profile targets that are in violations and hit them with massive fines.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: