This is still a big win for the companies since they have engineered a behavior where people just click 'I agree' without understanding it.
Software legal agreements are a farce, and it's only a matter of time before governments step in and regulate the shit out of it.
As per the GDPR, consent should be freely given (you are not penalized for declining) and it should be as easy to decline as it is to agree (something as simple as pre-ticked checkboxes is already in breach). The ICO's (UK privacy regulator) website provides more details: https://ico.org.uk/for-organisations/guide-to-data-protectio...
The current Google consent prompt fails the second test. There is an easy "I agree" button but no "I decline". The "See more" button leads you to some more filler text and turns the button to "Other options". Clicking that gives you more filler text and some links to Google/YouTube history and ad settings, but setting those doesn't actually dismiss the modal and you are still supposed to click "I agree". Furthermore the Google personalized ad opt-out says the setting can take hours to apply, which would also not comply with the GDPR as ad tracking should be opt-in to begin with.
The only way to act as an actual deterrent is to put executives behind bars or dismantle the company.
I've tried to do so myself, but I can't find a way of determining if an element is going to occlude another.
Drive off key market segments and you'll see shift. The smart money and big money is tech savvy.
This kind of BS (along with other UX annoyances with the official YouTube) finally convinced me to run my own instance. No more problems since then.
YouTube has been annoying me much lately (especially when all videos start playing at low quality for the few first seconds) but this really is the last straw. Unfortunately all videos on the internet are there. So all I can do about it is bark here. Woof woof.
and changing the URL to read youtube.com/embed/NUMBER
Donate the $ to archive.org .
It will work for a long time. If it breaks, just follow this 30 sec guide.
Unfortunately, the tech industry as a whole decided instead of finding a way to work in a more privacy conscious way it was far easier just to exhaust users so that they didn't have to change anything.
The actual language is "Member States shall ensure that the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information."
Cookie consent boxes are implemented at the website level because the law applies to website publishers, not browser makers. Website publishers were explicitly told that they cannot rely on a user's browser settings. This put the browsers in the back seat and ended up with today's world where you have to opt out of a service provider like Google Analytics on a site-by-site basis.
The vast, vast majority of users do not touch cookie settings. There are probably more users running scripts to disable cookie popups than there are users opting in or out of specific cookies.
It is an odd world where websites bend over backward to make cookie popups that actually work knowing full well users do not care. The average user doesn't really know much about cookies, much less the wide variety of activities powered by cookies. Cookie consent popups are publicly available, making them easy targets for regulatory audits. Ireland ran a huge sweep and sent out letters to a number of large companies telling them to clean up their act by October or else. We are a few weeks away from seeing what the "or else" will be.
I'm happy to answer any other questions you have on this.
If the cookies do not involve personal data, then GDPR does not apply, and a popup/pushdown/modal with text, a link, an accept button, and a reject button is all you need.
There are several billion dollar lawsuits against online adtech because it's not clear under GDPR whether anonymous but unique cookieIDs are personal data. If they are, the entire industry violates GDPR.
Here are the rules from the ICO's website, UK's privacy regulator: https://ico.org.uk/for-organisations/guide-to-data-protectio...
The problem is there is no enforcement of these rules despite the potential for huge fines.
I hate a lot more the time and brain power wasted on dealing with cookie pop-ups than the cookies themselves.
But aside from that, they are completely useless and just making the web less enjoyable
Why isn't there a solution for this yet, like a realtime list update mechanism or whatever.
PS. The "I don't care about cookies" extension works better, because it can actually click buttons and stuff which ublock origin can't.
I bet you could get 80% of the vote in most places on that issue alone, it's probably better than health care, immigration, or anything else.
In reality they are a form of harassment, just like all the other pop-ups that assault computer users continuously. Somebody ought to spend a night in jail for every time you tick a box that says "don't notify me about this again?" that keeps coming back.
In short, you can't use non-essential cookies unless you have consent. Companies want to use non-essential cookies, so they're trying to pressure users to consent by using things like pop-up banners. But the current definition of "consent" basically says that if you're pressuring users, then the consent isn't valid.
It's perfectly fine to not have a banner and not track users. It's perfectly fine to have a non-blocking infobox at the bottom asking for consent. A big ol' blocking banner than mandates user action for non-essential tracking... I don't think it's actually illegal (although there's currently lawsuits ongoing about paywalls), but it doesn't achieve what it's trying to achieve, which is collecting user consent.
It's also very common for sites to place cookies before they even get the consent, as the prompt isn't actually linked into any logic!
I've started just copying the URL and closing the tab, opening new one, pasting the URL, etc in a loop until I get a page without this crap. This works but sometimes requires a dozen of tries. It does a great job of encouraging me to stay on DDG and not even bother checking Google results.
In the long term I'm waiting for a EU privacy regulator to look into this (as this is not compliant with the GDPR, for reasons I explained in another comment here) or for an alternative frontend to be built (like a self-hosted Startpage).
This is also why the advice of just accepting everything and then clearing cookies regularly seems wrong and dangerous to me, as you've given them consent to track you regardless of cookies and they have plenty of tools to track someone with reasonable certainty without cookies even across different devices.
Just have the same confirm/deny for cookies as we have everything else. Done.
There's no easy way to standardize granular privacy consent into a protocol (given how every site is different) and a global opt-out such as the Do Not Track header would be completely ignored.
! Google - purchase away cookie-consent-popup and restore scoll functionality
google.##html:sort(overflow: seen !considerable;)
I also use this one:
And when we are on it: