
What could you possibly mean? Government made it so much better. How else would you know that the cookies (you're going to consent to anyway) are being put on your computer?



Yea, let's blame EU for websites spying on you

If a website uses cookies just for legit purposes (e.g. auth, language choice), then it doesn't need to show cookie consent.

Webmasters should get awareness on this or stop spying


Is there anyone who actually consents for any other reason than the consent button being easier to click than more options? Would we accept this kind of behavioural tracking in real life? Of course not.

Just ban tracking for advertising purposes entirely, or at the least mandate that sites respect the do not track header and require browser manufacturers to implement it as opt-in.

The cookie pop-up is a dumb law.


> Is there anyone who actually consents for any other reason than the consent button being easier to click than more options?

If the "reject all" button isn't as easy to click as the "accept all" button, then the popup is illegal. The big players have all been forced into compliance, but there's a long tail of publishers who are chancing their arm on the assumption that the regulators don't have the resources to deal with everyone. That's probably a reasonable assumption in the short term, but the EU are playing the long game.


> then the popup is illegal

That's what they say, but even government websites do the same thing.

Anyway, my point wasn't so much about the pop up itself but rather that if you make it easy to reject, then everyone will reject. So what's the point of allowing it? It's like having a cashier asking everyone "would you like to get kicked in the balls?" with the hope that someone misunderstands, and then they get to kick them in the balls.


> If the "reject all" button isn't as easy to click as the "accept all" button, then the popup is illegal

You should watch the video in the linked article. The options are accept all and "customize". I'd be willing to bet a lot of money that accepting is one click and rejecting is more than one.


That's still illegal, but the site operators are betting that no one cares enough to complain and report them.


So you’re a company with a web property. Your lawyers tell you you have two options:

1. Ensure that you’re perfectly abiding by all “legit purposes” and be prepared to update your policies and software each time those change, at the risk of huge fines. Or,

2. Just put an annoying banner up and have no risk.

Which do you do?

Government created this problem. Yes, it was in response to bad behavior from industry, but that doesn’t absolve the bureaucrats from responsibility for the results of their “solution”. If someone lights your kitchen on fire and the fire department’s response is to burn down the entire house, there is plenty of blame to go around.


If these are the two options your lawyers give you, fire them, because they are lazy shit bags.

All you need to do is not store cookies. That's it. It's not difficult at all. If you do want to cover your ass and use a consent dialog, there's a million options that are non-disruptive to your users and allow them to one click opt out.


That's not how this works though.

The banners usually don't provide you with an all-or-nothing approach. Choice is usually between reject everything *except essential*, accept everything, or something in between.

That means the analysis for point 1 has been made. They know exactly which cookies need consent.


This is nonsense. You can't just put any kind of cookie banner up and magically be in compliance. You'd still have to explain what kind of data is being shared with which parties and why. And you have to update your privacy policy to keep it accurate in any case!

In fact, many of the websites that have these obnoxious cookie banners are NOT in compliance because they don't offer a simple and unambiguous opt-out option.

These cookie banners and cookie popups are intentionally made to be maximally annoying. That's not good faith behavior by companies. That's malicious and an attempt to get consumers to blame regulators for breaking their browsing experience. The worst thing is that some people totally fall for it!


2 doesn't work since you actually have to list what you use the data for and keep that list up to date. You think large companies like Google didn't already try that?

> Which do you do?

Given that 2 goes out of its way to violate the law and make your users miserable, I would suggest 1. But that is just the opinion of a non-lawyer.


Cookie law is how many years old? 10? 15?

For how many years can they pretend to be dumb and act like they don't know?

They just want to do shady stuff with the data, that's it.


> Yea, let's blame EU for websites spying on you

No, but let's blame them for coming up with an asinine 'solution' to that problem.


> you're going to consent to anyway

Speak for yourself. I never consent to marketing or analytical cookies. I appreciate the option to turn them off.


It’s more about training people to automatically click “accept” without reading anything. That’s security best practice for a continent?


It’s also not what EU law requires. All the many websites that make it easier for people in the EU to accept the tracking than to decline it, as common as that pattern is, are non-compliant. Under-enforcement of these rules is sadly the norm. Compliant websites, such as that of the European Commission, don’t make it any harder to dismiss the dialog by accepting only essential cookies than by accepting all of them.

I agree with you that the non-compliant approach teaches a bad security practice to the general population. The fix is better enforcement of existing law, without a new law actually being needed except possibly a better procedure for more effective enforcement.

Unfortunately, achieving that is hard for political reasons. The EU’s politicians, and therefore the data protection authorities whom they oversee, care mostly about seeming to protect privacy, whatever the reality, and don’t want to deal with the economic + lobbying + PR + political donation + therefore electoral consequences of routinely taking proper and timely action. This is especially true for some of the most regulatorily captured data protection authorities in the EU, such as Ireland’s.


And it’s so easy, with the choice of one button to make things work like they always did, or a quick sixteen-part questionnaire and identity verification process if you want to submit a request to be considered for an alternative cookie delivery experience.


It may be annoying, but just the possibility of opting out of some of them is already something against the rising tide of taking control away from the user.

Is it the perfect system? No. Is it better than no system at all? I think so.


The ads are a lot worse than the consent banners, though.


And it is not like companies could have chosen a better approach... like default opt-out, or remember that one thing, or respect a DNT. There would have been some options to comply with the law, but there was only one that still allows companies to grab most of the data and at the same time get people annoyed about the attempt at reasonable legislation (which certainly could be improved, like just go a DNT approach, but companies went immediately rampant on that for the same reasons...)

But big corps know what they wanted and do and lead the rest of the pack...


People with anti-GDPR views appear to assume that like them, everybody else also just wants to accept every cookie. But that is not true. And the interface affects how users respond, too. For example:

  Given a binary choice, more users are willing to accept tracking compared to mechanisms that require them to allow cookie use for each category or company individually
https://dl.acm.org/doi/abs/10.1145/3319535.3354212


I don't consent to them. If websites are making it hard not to consent, then they are in violation of the GDPR.

Stop blaming the government for something private companies are doing to you. All the government did was require them to be honest about it.

Maybe the EU should be more aggressive with GDPR, and start fining these companies out of existence for not being 100% compliant. That would put a stop to the maze of dark patterns pretty quickly. Either every shitty company would go bankrupt overnight, or they would learn how to make very simple "yes cookies" and "no cookies" buttons.


In my personal experience, people who hate the GDPR are typically not EU citizens. I am an EU citizen and I strongly approve of GDPR. Is it perfect? No. Is it a step in the right direction? Yes.


Do you also approve of surveillance states that a lot of EU countries are? Do you approve of push to end encrypted messaging? Do you approve of impossibility of getting an anonymous SIM card?


And the EU is the only thing that consistently fights countries that try to spy on their citizens. I'm in Denmark and the government flat out refuse to stop tracking people via the cell phone network. The EU is pretty much the only organization that cares and tries to stop it (hard to actually stop it when the local government just ignores every ruling from the EU on the subject).


The UK is not in the EU any more? Also, I got handed an anonymous sim card for free at the post office last week.


"This legislation is not perfect, therefore all legislation is useless."


Whataboutism is detrimental to discussion.


Guns don't kill people etc.



