Exactly. It's rich for the EU to regulate dark patterns when their own laws is the reason they're so rampant on the web today. I guess it's good that they're finally waking up to this, but they're so far behind what's going on in adtech that their actions seem almost intentionally slow.
The solutions to this aren't regulatory, but technical first. Monetary fines to tech giants are mere slaps on the wrist. We, and by that I mean the web developer community, need to make technical solutions that make it impossible for companies to infringe users' rights. I guess we should first start by defining what those should be on the web. Those solutions then need to be presented to lawmakers and companies forced to adopt them. This is not rocket science; there are already solutions to these problems that just aren't adopted (e.g. the {ab,un}used Do Not Track header).
All this "behave this way or else" regulation is just reactive, and usually takes years to even pass into law, by which point tech giants are way ahead of it anyway.
"their own laws is the reason they're so rampant on the web today"
Really? Which dark pattern would bever be created if eu didn't exist?
"We, and by that I mean the web developer community, need to make technical solutions that make it impossible for companies to infringe users' rights. I guess we should first start by defining what those should be"
So, in this process, most of the population will get told what their rights are?
Since you complain that the regupation is slow, any ETA when the technofix will be ready?
The cookie consent forms that were a direct response to EU laws.
> most of the population will get told what their rights are?
Internet users need to be a) educated about the value of the data they produce (and ideally compensated for it[1]), and b) be provided with tools that safeguard this data and give them absolute control over it. So, yes.
The web should be user friendly, not hostile and scammy at every turn. It should be impossible for companies to abuse user data, and regulations are clearly too slow and ineffective.
> any ETA when the technofix will be ready?
Some already exist, and others can be built. The incentives are just not there, as tech giants rule the web and law makers are both influenced by and playing catch up to their schemes.
Cookie consent forms were a response to the "cookie law" passed in 2009[1].
If they're now illegal, that's on the EU for making them vague or not strict enough.
But my point is that fighting this with laws is:
- too slow, since by the time governments catch up that something should be done, a lot of harm has already been inflicted upon users. And by the time laws do come to pass, tech companies have grown in power and already have alternatives to keep growing. Governments are constantly playing catch up, which was a problem even with Big Tobacco/Pharma, but the speed of innovation of Big Tech is unparalleled.
- too ineffective, as breaking these laws is too slow/difficult to prosecute, and even when companies are fined, it's mostly symbolic to even matter. I.e. to them it's just the cost of doing business.
> Cookie consent forms were a response to the "cookie law" passed in 2009
> were a response to the "cookie law" passed in 2009[1]
Your link clearly states: "Receive users’ consent before you use any cookies except strictly necessary cookies".
For everything else you need to ask for consent with "No"/"Reject" being clearly labeled and being the default option.
Yes, it's that easy.
> too slow, since by the time governments catch up that something should be done, a lot of harm has already been inflicted upon users.
So, what eactly is your proposal except "law is bad"? How do you propose law should work to minimize harm?
To be clear: I think that EU is too slow and too lenient when prosecuting things illegal under GDPR, and that they should pick up the pace. However, "omg this law makes the web bad" is in itself is a very bad take. Because it takes responsiility from those who are actually responsible for making the web bad. They are now exposed... but managed to persuade people that it's not their behaviour that is blatantly evil, but that "the law exposing them is bad".
I'm not saying "law is bad". I'm saying that the process of prohibiting a behavior after it happens is too slow and ineffective for Big Tech. As it was for many other industries before, but particularly now for Big Tech.
What needs to happen is for privacy-minded tech people to propose and lobby solutions to governments that make it impossible for companies to violate these rights in the first place, and then governments making it a law for this technology to be used by all companies. E.g. the DNT header could've been one such solution, but the fact it was never made part of a law is what led to it being abused for ironically tracking itself, and now abandoned altogether.
We're in this mess because governments fundamentally don't understand technology and how to police it. Either that, or they're willfully complacent with the status quo because it benefits them as much as the corporations.
> I'm saying that the process of prohibiting a behavior after it happens is too slow and ineffective for Big Tech
Do you realize that all laws happen after something happens? Even your proposed solution of tech people coming up with something would also happen after the fact?
> What needs to happen is for privacy-minded tech people to propose and lobby solutions to governments that make it impossible for companies to violate these rights in the first place
Ah yes, the magical technical solution that is impossible to violate.
Good thing that you mentioned DNT. Do you know that DNT ended up being used for browser fingerprinting and hence tracking?
Had DNT been codified into law, you'd be complaining on HN that the law is bad and governments don't understand technology.
> Either that, or they're willfully complacent with the status quo because it benefits them as much as the corporations.
wat. GDPR is literally aimed against the status quo. I wish it was more rigorously enforced, of course.
Also, it doesn't apply just to the web. It asserts right to privacy as a fundamental right.
The solutions to this aren't regulatory, but technical first. Monetary fines to tech giants are mere slaps on the wrist. We, and by that I mean the web developer community, need to make technical solutions that make it impossible for companies to infringe users' rights. I guess we should first start by defining what those should be on the web. Those solutions then need to be presented to lawmakers and companies forced to adopt them. This is not rocket science; there are already solutions to these problems that just aren't adopted (e.g. the {ab,un}used Do Not Track header).
All this "behave this way or else" regulation is just reactive, and usually takes years to even pass into law, by which point tech giants are way ahead of it anyway.