Hacker News new | past | comments | ask | show | jobs | submit login

I agree with removing the cookie requests. 99% of people just click the big green "AGREE ALL" button because they're too busy to go on a box-ticking exercise. I hope other aspects of GDPR remain in place though, and have to agree that we should be cherry picking the rules that make sense to UK businesses and users.



The EU's upcoming ePrivacy Regulation[1] proposes, among other suggestions, to move cookie consent into the browser:

"Simpler rules on cookies: the cookie provision, which has resulted in an overload of consent requests for internet users, will be streamlined. The new rule will be more user-friendly as browser settings will provide an easy way to accept or refuse tracking cookies and other identifiers. The proposal also clarifies that no consent is needed for non-privacy intrusive cookies that improve internet experience, such as cookies to remember shopping-cart history or to count the number of website visitors."

[1] - https://ec.europa.eu/digital-single-market/en/proposal-epriv...


Google uses a dark pattern already so that law is screwed before it has even passed.


It's only screwed if regulators don't have the balls to take down Google.


A lot of these cookie requests that are the most cumbersome are themselves GDPR violations.

You should have the options to agree or disagree to non-essential cookies presented equally, and then can offer the granular box ticking for people who really care that Google Analytics can use their data but Google Ads cannot.

People complain that the EU's own website have cookie banners, but if you compare the banner on europa.eu, to say, IB times which is another link on the front page currently. The europa.eu one has two equal options, no BSing about legitimate interest claims for tracking that wouldn't hold up. The IB times one on the other hand has a totally unneeded splash screen, you then need to click manage settings, and for each purpose you need to enter it and disable extra toggles for "objecting" that are basically another layer of opt out consent since they know consent is opt in (but to my understanding if you don't go to manage settings at all and just click the go away option, they will treat that as affirmative consent).

The ePrivacy Regulation is working to clarify the interaction with the ePrivacy Directive which leads to people asking consent for "essential"/non tracking cookies like shopping carts or the "Remember I didn't consent to tracking" cookie.


A big green "AGREE ALL" button is explicitly non-compliant, though.

In theory one could preemptively block all consent popups and requests and continue to surf the website without being tracked, if the GDPR had any teeth.


For what it's worth here's what I do:

I run my own /etc/hosts file based on : https://github.com/StevenBlack/hosts

This should block the popular ad-ware companies.

I also browse with Brave, and use their inbuilt "shields" feature to block 3rd party/cross-site cookies. I don't install any additional browser plugins.

Would be nice to kill all the consent-popups, as you say.


Do you have a source to back up the claim of 99%? It seems feasible, but I'd be interested in hard numbers on that because I haven't seen any.


No I do not - in this case 99% = most people. I think only a small percentage of the population understand what a cookie is, and an even smaller percentage of those who care about their privacy enough to go ticking those boxes.


Personally I would prefer something streamlined, but only if it allows individuals the same or better choices. And I would not want a situation that lead to irreconcilable differences with the GDPR, the hassle of non data portability would be too great.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: