Hacker News new | past | comments | ask | show | jobs | submit login

Please could we also have a couple more privacy setting bits for i-accept-your-cookies and i-want-to-be-told-about-cookies-on-every-single-website-because-i-forget-what-they-are-and-really-want-to-click-through-to-your-privacy-settings

If we have those bits, then the user can make a set of choices once, for every site, and we get rid of cookie pop-ups

-- Websites could still ask if they want/need to do something that violates those choices






Or we can just assume like reasonable adults that websites are going to put cookies in your browser and promote privacy-oriented tech to users rather than trying to pretend that having every website ask for permission in order to enable basic functionality solves anything.

> promote privacy-oriented tech to users

Like what?

> every website ask for permission in order to enable basic functionality

I don't believe that purely functional cookies require GDPR permission - that's covered by "provide services to the user". It's the ones which are functionality to third parties not the user which are the problem.


> I don't believe that purely functional cookies require GDPR permission - that's covered by "provide services to the user". It's the ones which are functionality to third parties not the user which are the problem.

Ah, I didn't realize that. Well, that does sound much more reasonable.


Actually the ICO page itself presents a great example: if you go to https://ico.org.uk/for-organisations/guide-to-data-protectio... you get:

> Necessary cookies

> Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

> Analytics cookies [toggle On/Off]

> We'd like to set Google Analytics cookies to help us to improve our website by collecting and reporting information on how you use it. The cookies collect information in a way that does not directly identify anyone. For more information on how these cookies work, please see our 'Cookies page'.

The implication is that a consent dialog would not be required if they weren't using Google Analytics or any other third-party.


That would be nice. I feel like the "cookie warnings" basically read as "this site doesn't actually need cookies to work, but we want to track you". We should just have some sort of "do not track" header that indicates we don't accept those terms, and then websites can badger us if they really need cookies, like for logins.

> I feel like the "cookie warnings" basically read as "this site doesn't actually need cookies to work, but we want to track you".

I typically read those warnings as reminders that I should open the site in a FF container.


> If we have those bits, then the user can make a set of choices once, for every site, and we get rid of cookie pop-ups

That one was tried with the DNT bit - of course users ended up en masse setting it to "do not track" by default. Sites won't accept that.


Sites need to be told to obey DNT with a legal sledgehammer. Still hoping...

The eprivacy regulation, taking care of that, was supposed to be finished by the time the GDPR went into force. But Austria's pro-business government managed to delay it until there wasn't enough time before the last European Elections.



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: