Hacker News new | past | comments | ask | show | jobs | submit login

> This shows utter incompetence and detachment from reality by European legislators.

> Surely there are solutions that don't require a popup on every webpage you visit? For example enforcing no tracking by default for advertising purposes?

Wait, what? There are such solutions. GDPR, and the "cookie law" before it, don't "require" any popups.

They allow cookies, 1x1 pixel images, browser fingerprinting, Flash supercookies, browser local storage, etc. without any need for stupid popups... as long as that's required to implement the site's functionality. Consent for these things is implied by the user's use of the functionality (e.g. game scoreboards, saving word processor documents, keeping track of a user's shopping cart, etc.).

What these laws do require is that handling such personal data without such implied consent, should require explicit consent. This acts as a disincentive for sites who want to continue spying on their visitors, by forcing the UX to be more annoying and dissuade visitors from staying.

> the only practical significant impact is that browsing the web has become more annoying.

Sounds like the dissuasion is working. Hopefully that is causing spyware sites to receive fewer visitors (and perhaps revenue), and potentially rethink their decisions.

What evidence is there it is working? That evidence only shows that people have change their web experience to be more annoying out of fear of the EU. It does not show there is less tracking or more public support for privacy.

Most people hate the UX change but don’t care about the privacy so probably a net loss for the EU.

I remember reading a report that trackers were down, but it was mostly the smaller European ones that are losing market share:


That's because the sites currently have an option (or think that they have an option) to make tracking mandatory for their visitors, so long as they consent - which is the easiest way for them to deal with it. It sounds like this Dutch agency is saying that it is not actually compliant with GDPR.

> Sounds like the dissuasion is working.

It clearly isn't. Vast majority of people (me too) are trained to automatically accept whatever cookie BS the website asks for, just to get rid of the popup as quickly as possible and get to content. And no, these "spyware" sites such as reddit.com or bloomberg.com won't switch to non-tracking ads to get rid of the popup.

well the GDPR does say many things about how the tracking consent can’t be the default right? so yeah it’s working if you just click through... of course if businesses are breaking the law, that’s different and enforcement will come

for reference there are at least 2 parts that make this outcome true:

“Consent must be freely given, specific, informed and unambiguous ... Any element of inappropriate pressure or influence which could affect the outcome of that choice renders the consent invalid”: a default choice if “i agree” is influence

“The withdrawal must be as easy as giving consent”: if you hit “i agree” in a box that automatically pops up to give consent, there must be a withdrawal mechanism that’s as easy as that to withdraw (and then they must delete your tracking data)


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact