Hacker News

Forbes does this, too. It was the first site I noticed it on, years ago at this point. I don't know how it's not illegal.


It is illegal, at least from the point of view of the GDPR which is what these pop ups are supposed to comply with.

You could argue that the artificial delay is implemented as a way to dissuade people from declining which would fail the idea that data processing consent should be freely given (you can’t force people to opt-in).

You could also argue that even if there was a legitimate technical reason for the delay then it wouldn't be compliant because it would prove that data processing is enabled by default before the user opts-in (otherwise the delay should be on opt-in and opt-out should be instant as it's essentially a no-op).

Here are the ICO’s guidelines on the subject - you’ll see that this TrustArc trash fails on multiple points: https://ico.org.uk/for-organisations/guide-to-data-protectio...

TrustArc essentially provides "breaching the GDPR as a service" and their continued existence proves the incompetence of the data/privacy regulators in all EU countries.


> proves the incompetence of the data/privacy regulators in all EU countries

Or maybe it shows that they are underfunded relative to the task set them. Which is actually true of many government departments.


Conveniently they're allowed to fine offenders up to 4% of global turnover and it's not like there's a shortage of offenders.

Surely there is a way to get this "machine" started and use the money from previous fines to fund future enforcement?


I'm speculating, but I highly doubt that fine money goes back to regulation efforts in full.


It may also be a sign of how much national governments care about privacy, compared to the EU parliament which voted for the e-Privacy Directive.

I suppose the counter-argument would be that passing legislation is cheap, but enforcing it costs money, and governments have other priorities, but, for example, in the UK there can be fines of up to £500,000 for breaches of the e-Privacy Directive[0], which should be more than enough to cover the cost of the investigation.

[0] https://www.pinsentmasons.com/out-law/news/gdpr-e-privacy-br...


Thanks, I figured this was the case.


Please stop doing this. Not everything you don't like needs to be illegal, and taking your business elsewhere has literally never been easier in the history of the world.

I don't want to live in a world where the criminalization of everything that ever happened that you didn't like means that I'm always breaking the law.


If HN is not the place to discuss web regulation, I don’t know what is. New things pose new and unexpected harms and nuisances. Regulation is the cure.

On the flip side, this particular dark pattern was caused by regulation. As usual, shades of gray.


> Regulation is the cure

Regulation is a possible cure.

Call me crazy, but if some place would be wary of going straight up for the “let’s ban things with lawyers” approach, I would think it is HN.


The problem with spyware is that it stalks you regardless of whether you give “business” to the site or not.


> I don't want to live in a world where the criminalization of everything that ever happened that you didn't like means that I'm always breaking the law.

You'll be fine as long as you're not in the habit of doing things like this that are clearly outwardly hostile to everyone you come into contact with.


You're right, why even have consumer protection laws amirite?


How many people not liking murder or theft did it take to make it into a law?

How many people not liking gaslighting personal-data-theft dark patterns will it take to make it into a law?

We're transitioning from purely physical beings to having a more virtual presence. Virtual crimes are much less visible and have much greater impact at scale than their physical counterparts: identity theft by Equifax breach or a hack vs. physical force or pickpocketing, for example.


You are equating a website setting a cookie in your device (which you could disable in your browser settings, btw) with theft and murder.


No, they are equating that previously both items were socially acceptable until society demanded change and made both illegal and provided services to enforce such laws.

The impact of violating privacy is neither increased nor decreased by the impact of theft and/or murder. If we compare theft and murder, theft «in general» is less impactful than murder, as I'm deprived of property and potentially physically injured with theft, with murder I am deprived of life itself.

That murder is generally more impactful doesn't make theft more acceptable/less bad; we should have laws for both.


"Cookie banners" are a misnomer. GDPR rules apply to all persistent personal identifiers, not just cookies. (And likewise, they do not apply to cookies which are not personal identifiers or are critical for site functionality)


Normally I would agree with you but if there's anything that we can all agree to ban it's annoying, unnecessary practices like this.



