It absolutely is hurtful to users to have to make a choice dozens of times every day. We were in a better position before, when users could choose to have their browsers just block cookies if they cared. Now I have my browser block cookies and I still have to respond to a cookie banner on every single website.
> It absolutely is hurtful to users to have to make a choice dozens of times every day.
I'd argue that what is hurting the users, are the companies who insist that they need to track individuals in those ways. If they didn't, they wouldn't have to show the banners in the first place, and no user would have to confirm/reject anything.
Maybe I'm alone, but I prefer a choice every day of the week, as then I can at least chose for myself. The alternative is just unchecked privacy-violations, and that sounds worse to me, but we're all different, luckily.
That would be an interesting discussion, but that's not on offer. What is instead on offer is dozens of choices every day of the week. Is any person really expected to read and understand a dozen or more privacy policies every day?
> Is any person really expected to read and understand a dozen or more privacy policies every day?
People are expected to make reasonable choices in their day-to-day life or suffer the consequences, yes. If you don't want to read the privacy policy, click "Reject" and you don't have to. Tired of clicking reject every day? Send an email to the company and tell them to get rid of it. They can, they just don't want to, and prefer to annoy users instead, because that makes them more money.
We give people the option to take a loan. If they take a loan without reading the terms and conditions, and sign up for very unfavorable terms even if it was very clear, then usually you have to stand for that choice.
Why would allowing/rejecting data collection work any differently?
And in fact, it is even worse for people who block cookies, periodically delete cookies, etc. Because you often have to respond to the popup every single time you visit the site, since it uses a cookie to remember your preference.
Storing a cookie to remember a "Reject tracking cookies" is fine. You're allowed to store cookies without consent, the objective of the cookie matters when figuring out if it's allowed to be stored without consent or not.
If people would just spend like 10-15 minutes reading up what they're arguing about, we'd actually get some substantive discussions on this topic.
I didn't say it wasn't fine. I'm saying that if you set your browser to automatically clear all cookies after a session, every day, etc. Then it will delete the cookie to remember "Reject tracking cookies".
Also, if the site is using a third party service for the cookie banner, the cookie for remembering "reject racking cookies" might be stored as a third party cookie that the browser then doesn't store at all, depending on the browser settings.
> users could choose to have their browsers just block cookies if they cared
1. That would also block functional cookies.
2. That requires users to know that it's a thing they should care about. It's not cool to spy on people just because they haven't realized what you're doing and taken countermeasures.
Agreed. But I don't think this situation is better—users now know about it but are exhausted by it. Having educated them doesn't help if you've also pounded them into submission.
> Having educated them doesn't help if you've also pounded them into submission.
Pounding them into submission also makes their consent legally invalid in many cases, at least by the standard which the GDPR requires. Example GDPR complaint about this problem: https://noyb.eu/en/bereal-app-wont-take-no-answer
This aspect of the law is more an enforcement issue (including national Data Protection Authorities which have effectively been captured by the companies they are supposed to regulate) than a legislation issue.
I'm glad that noyb recently got approved to file something broadly similar to what in the US would be called a class action lawsuit, so that they can do some of the enforcement that the governments won't.
Consider donating to them if you want to see proper compliance. They're doing most of the useful enforcement these days. I have no affiliation myself besides also considering making my own donation.
> Pounding them into submission also makes their consent legally invalid in many cases
Showing a cookie banner on each site is pounding us all into submission. It's not that any single website's banner is too much; it's that we are all clicking them all day long.
Honestly, it would be awesome if there was an effective way to geofence these banners to the EU. However, IIRC the EU law asserts control over websites in other countries, on the off chance that an EU national might access the website.
> Showing a cookie banner on each site is pounding us all into submission. It's not that any single website's banner is too much; it's that we are all clicking them all day long.
Disagree. I have a browser extension installed that makes the repetition across sites irrelevantly easy, at least on my laptop Chrome browser. I don't usually click on them at all except for sites which try to interfere with the browser extension or which try to block access unless I pay them or agree.
Also, for people without such an extension, seeing the banners could be a reason from complaint to the website itself. No law requires them to do the kind of tracking which requires them to gather consent, nor to gather the consent in such an obtrusive way as they often choose when they do want to gather consent. The most effective way to get websites to stop being obnoxious to their users would be if they had to deal with user complaints about it, not anything legislators can do.
> Honestly, it would be awesome if there was an effective way to geofence these banners to the EU. However, IIRC the EU law asserts control over websites in other countries, on the off chance that an EU national might access the website.
I've already explained to you in other comments how that summary of GDPR jurisdiction is wrong. But hey, when I'm in the US and a website lets me deny consent, I'm happy for the extra protection from tracking. Conversely, when I see the difference in banners when I go to the US - yes, most sites do geofence their own banners to EU-based visitors - I am horrified at the tracking people aren't being told about outside the EU.
As a practical suggestion, there are browser extensions that can handle many of these banners. Meanwhile, blocking cookies does not prevent many other forms of tracking to which the GDPR's consent requirements apply just as much as they do to cookies.
I hate the cookie banners too, but I blame the bad actors more than the legislators that at least gave me more information and rights than I would otherwise have had.
