Hacker News new | past | comments | ask | show | jobs | submit login

I was going to write something tongue in cheek but instead I will simply say that your "simple solution" automatically opts you out of a lot of tooling that site operators have grown to find indispensable over the last couple of decades. Compliance with the EU regulations such that you can legally operate a website without a cookie banner establishes a fairly retrograde set of bounds on how you operate your site.

Which is their prerogative[1]. I'm just pointing out that the people who run the EU's official websites aren't able to operate inside those bounds, so it's fair to say those bounds are not commercially reasonable in general for functional sites. QED the banners are de facto required.

1 - The extensive reach of the law is breathtaking. The EU claims jurisdiction over any web property, based anywhere in the world, that might be seen by an EU national.




What tooling? There are no tools that I need to implement on my sites that requires third party cookies. Maybe I just respect my audience and not try to spy every last detail about them?


Really not trying to make a value judgement here. Just observing that many Web professionals do find value in tools that use third-party cookies, and such value is not always about spying or selling data.

For example, the European Parliament website uses third-party cookies for analytics and for Web streaming. Yes, they can run the whole stack themselves. It is also a) more work and b) not how most of the industry works.

The European Parliament with the resources of the EU, finds it expeditious to use 3P cookies and just display a cookie banner. How reasonable is it to expect sites with fewer resources to do similar interesting things on the Web without also falling afoul of the EU law?


I don't get your point. You are allowed to use those tools, but if you do, you need to get the user's consent.

What you are looking for is a way to use these tools, of which you don't really know what they're going to use this data for or how and why they are tracking me, without my consent.

I find it very strange that this is something you object to.


> You are allowed to use those tools, but if you do, you need to get the user's consent.

We are saying the same thing. Yes, you can use the tools, but then you require consent from the user as the very first thing they see on your website.

> I find it very strange that this is something you object to.

As a non-EU national, I don't derive the benefits of Do Not Delete etc. I do not ever care that a site is using 3P cookies to do e.g. on-page analytics. The cookie banners are a net negative for me.


Sorry for the late reply.

> We are saying the same thing. Yes, you can use the tools, but then you require consent from the user as the very first thing they see on your website. No, you only require to get consent from the user before you start using the tools. That this is as soon as they enter your website, and thus you need to ask consent as the very first thing they see, is your own choice.

> As a non-EU national, I don't derive the benefits of Do Not Delete etc. I do not ever care that a site is using 3P cookies to do e.g. on-page analytics. The cookie banners are a net negative for me. I'm sorry that you're not getting any benefits from it. That said, blame the site owners for incorrectly identifying your IP as a European one.


I think the only person who really cares about those tracking tools is the marketing department.

I have no good reason as to why the EU live stream has 3rd party cookies. However I set up online streaming for two small TV stations in my country, they wanted you to be able to watch the channel live on the station's website, we were able to see how many people were watching the stream live and I never had to use 3rd party cookies. It's not that hard to set up and it is cheaper than you'd expect now days, even video capture cards/devices are much lower price than back in the day.


> I think the only person who really cares about those tracking tools is the marketing department.

The marketing department typically is important to businesses.


Why does "web streaming" require more cookies than legitimate interest?


> it's fair to say those bounds are not commercially reasonable in general for functional sites. QED the banners are de facto required.

For all I care your site isn't required to be commercially viable. If you aren't able to convince the customer and instead opt for so-called cooky-terror banners as a dark pattern with the primary goal of de-sensitive-izing users, you don't deserve my cooky. Opt-in means legislation has passed this view into law, with the quirk that the dark-pattern is fully expected because the industry needs a sort of legitimization for the use of private data. Small companies usually suffer under compliance, no doubt.

Besides, what has this to do with AI prompts? No doubt they want to analyse every single interaction as a sort of supervised training for free. This does not rely on third party cookies, but it might benefit from making identifications which somebody could argue are not essential to the service as advertised.

Is that the kind of tooling that site operators have grown to find indispensable over the last couple of decades, that you mention?


> what has this to do with AI prompts

It's related via my question about EU digital regulation, although Gemini is likely on hold due to the DMA and not GDPR. The question was more about how willing are EU residents to forego technological advances under their more muscular regulation regime.


> 1 - The extensive reach of the law is breathtaking.

Not really, it's about the rights of people represented by the EU.


I say it's breathtaking in its reach because it asserts the right to afford rights to EU nationals no matter where in the world they are.

By analogy, it would be like the US asserting that the Constitutional rights of its citizens travel with them, and so they have the right to carry guns in any country.

It's an expansive approach.


> The extensive reach of the law is breathtaking.

It is.

> The EU claims jurisdiction over any web property, based anywhere in the world, that might be seen by an EU national.

Not really! The EU simply claims jurisdiction over any company that trades in the EU. The company doesn't have to be a "web property" - if you sell cars, or food, or medcines in the EU, you have to accept EU jurisdiction. If you want to operate a web property that is accessible in the EU, that's fine; but don't have a EU trading arm if your web property isn't GDPR-compliant.


Your latter point technically correct, but only because companies that lack a trading footprint in the EU are beyond sanction by the EU.

The EU claims jurisdiction, they just lack an effective enforcement mechanism for sites that do not have a financial nexus inside the EU. (Perversely, this creates an incentive to not create such a financial nexus, including hiring anyone inside the EU.)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: