That shit should be illegal. Accept all / reject all. That’s it. If somebody is disabling cookies, literally nobody in the entire world wants any of them! “Oh yeah, please, only keep my location data but not the data about my purchase decisions”…
It was pretty crazy taking my phone from the United States to the EU and seeing all of the notifications of how my data is being shared by “free” apps! It just goes to show that the saying “if the product is free, you’re the product” is 100% true!
The EU didn’t force anyone to have the cookie banners. If the site only uses nessecary cookies - the kind you can’t turn off in the prompt - there doesn’t need to any prompts because that’s perfectly fine. The intrusive, obnoxious and deliberate confusing popups are from data harvesters throwing a tantrum because they can’t stalk you every waking second any more, and complying in the most malicious and disrespectful way they can.
Cookie banners are nothing to do with the EU and everything to do with tech-bros.
The EU knew about DNT signals before GDPR was finalized and decided to ignore them. I know, I was a web dev at that time (and still am, yes I’m ancient in internet years). This is on the EU and techbros, but having internet explorer and other browsers like firefox (not sure if chrome did it?) enabling DNT by default would make tech bros upset, and the EU couldn’t have that, so they made the tech bros a little happier by allowing the consent banners instead.
From the working party back then, which was promptly rejected in the final GDPR we have today:
2016
The Working Party recommends
rephrasing the requirements in the current Recital 66 of Directive 2009/136/EC. Instead
of relying on website operators to obtain consent on behalf of third parties (such as
advertising and social networks), manufacturers of browsers and other software or
operating systems should be encouraged to develop, implement and ensure effective
user empowerment, by offering control tools within the browser (or other software or
operating system) such as Do Not Track (DNT), or other technical means that allow users to
easily express and withdraw their specific consent, in accordance with Article 7 of the GDPR.
Such tools can be offered to the user at the initial set-up with privacy-friendly default settings.
Adherence to accepted technical and policy compliance standards must become a common
practice. In addition, website operators should respect and adhere to browser control tools or
other user preference settings.
2017
The Working Party recommends that terminal equipment and software must
by default offer privacy protective settings, and offer clear options to users to confirm or
change these default settings during installation. The settings must be easily accessible during
use. Users must be enabled to signal specific consent through their browser settings. Privacy
preferences should not be limited to interference by third parties or be limited to cookies. The
Working Party strongly recommends to make adherence to the Do Not Track standard
mandatory.
I mean… The EU could’ve also said ‘no privacy invasive cookies’ instead of ‘cookie Banner if privacy invasive cookies’. I don’t think being able to disable is bad, I think they didn’t go far enough (and also of course datapeople only comply in the most malicious way possible. It’s literally their job, a job that shouldn’t exist.)
Even the idea of tightening regulations for igaming has many EU countries frothing at the mouth, what makes you think that this didn’t start as “no privacy-invasive cookies?”
If the cookies are nessecary for the site to technically function, you don’t need to be promoted to accept. The law - which doesn’t even mention cookies - allows the absolute minimum amount of data required to provide a service to be gathered. For a website, that included cookies for storing preferences, shopping baskets, login tokens, etc.
But it must still inform you and give you the right to not use the service if you don’t want this form of collection happening, its just that you can’t use the service and refuse the bare minimum they need to operate.
That shit should be illegal. Accept all / reject all. That’s it. If somebody is disabling cookies, literally nobody in the entire world wants any of them! “Oh yeah, please, only keep my location data but not the data about my purchase decisions”…
I have good news for you: In the EU (which forced everyone to have the cookie-accept-banners in the first place) it IS illegal.
It was pretty crazy taking my phone from the United States to the EU and seeing all of the notifications of how my data is being shared by “free” apps! It just goes to show that the saying “if the product is free, you’re the product” is 100% true!
The EU didn’t force anyone to have the cookie banners. If the site only uses nessecary cookies - the kind you can’t turn off in the prompt - there doesn’t need to any prompts because that’s perfectly fine. The intrusive, obnoxious and deliberate confusing popups are from data harvesters throwing a tantrum because they can’t stalk you every waking second any more, and complying in the most malicious and disrespectful way they can.
Cookie banners are nothing to do with the EU and everything to do with tech-bros.
The EU knew about DNT signals before GDPR was finalized and decided to ignore them. I know, I was a web dev at that time (and still am, yes I’m ancient in internet years). This is on the EU and techbros, but having internet explorer and other browsers like firefox (not sure if chrome did it?) enabling DNT by default would make tech bros upset, and the EU couldn’t have that, so they made the tech bros a little happier by allowing the consent banners instead.
From the working party back then, which was promptly rejected in the final GDPR we have today:
2016
2017
Heck, the W3C was even talking about working to make it happen.
Point is, the EU sucked up to corporations, surprise surprise.
Receipts:
https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/index_en.htm
https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2016/wp240_en.pdf
https://ec.europa.eu/newsroom/article29/redirection/document/44103
I mean… The EU could’ve also said ‘no privacy invasive cookies’ instead of ‘cookie Banner if privacy invasive cookies’. I don’t think being able to disable is bad, I think they didn’t go far enough (and also of course datapeople only comply in the most malicious way possible. It’s literally their job, a job that shouldn’t exist.)
Even the idea of tightening regulations for igaming has many EU countries frothing at the mouth, what makes you think that this didn’t start as “no privacy-invasive cookies?”
It is not fine, you still need to be informed and accept
If the cookies are nessecary for the site to technically function, you don’t need to be promoted to accept. The law - which doesn’t even mention cookies - allows the absolute minimum amount of data required to provide a service to be gathered. For a website, that included cookies for storing preferences, shopping baskets, login tokens, etc.
But it must still inform you and give you the right to not use the service if you don’t want this form of collection happening, its just that you can’t use the service and refuse the bare minimum they need to operate.