No Cookie Consent Walls -- and No, Scrolling Isn't Consent, Says EU Data Protection Body (techcrunch.com)
You can't make access to your website's content dependent on a visitor agreeing that you can process their data -- aka a 'consent cookie wall.' Not if you need to be compliant with European data protection law. From a report: That's the unambiguous message from the European Data Protection Board (EDPB), which has published updated guidelines on the rules around online consent to process people's data. Under pan-EU law, consent is one of six lawful bases that data controllers can use when processing people's personal data. But in order for consent to be legally valid under Europe's General Data Protection Regulation (GDPR) there are specific standards to meet: It must be clear and informed, specific and freely given. Hence cookie walls that demand 'consent' as the price for getting inside the club are not only an oxymoron but run into a legal brick wall.
No consent behind a cookie wall
The regional cookie wall has been crumbling for some time, as we reported last year -- when the Dutch DPA clarified its guidance to ban cookie walls. The updated guidelines from the EDPB look intended to hammer the point home. The steering body's role is to provide guidance to national data protection agencies to encourage a more consistent application of data protection rules.
I don't get it (Score:3, Insightful)
Re: (Score:3)
because everyone used it and sold or gave the data to a couple of big companies for pennies. that's how we got to the situation because 500% of all sites have such things where they save and track you across multiple sites (many sites have many so that's how it's 400% more than you would think to be physically possible).
though truth to be said you can view a lot of websites without ever agreeing to that thing.. though it makes me wonder if they still save the cookies even if I don't agree?
I mean fu.... you d
Re: (Score:2)
Since you can run a website for free, web sites need some source of revenue. A major source of revenue in the current web comes from selling tracking data (i.e., as used in targeted advertising). If the EU cuts off this source of revenue, what is going to happen? Do you want every website on the web to have a paywall in front of it? Content doesn't create itself and servers don't run on pixiedust, someone has to pay for it. If you want to browse around millions of websites for free without offering a
Re:I don't get it (Score:5, Insightful)
If the EU cuts off this source of revenue, what is going to happen? Do you want every website on the web to have a paywall in front of it?
Frankly, yes.
One thing I hate is the kind of 'bait and switch' of a lot of websites, where they show you the top snippet of a site, then once you get past the first 2 paragraphs, they ask you for payment, or email, or whatever. I hate it because they're not being upfront about how they allow you to get to their content.
When I go to the grocery store, I don't get to be able to open a box of cereal, sample it, before being expected to pay for it. Sure, they provide samples so people don't go around opening boxes, but even then you're not expected/being asked to provide your info after you've already swallowed that sample.
If you want me to pay for your content, then two things: 1. be upfront about it, so I know what to expect; and 2. let me decide if I want your content, and how I want to pay; don't start grabbing/tracking my info before I even see you asking for it; otherwise I'll start adding client-side headers like:
X-Content-Provider-Agrees: By providing any content in response to this HTTP(S) request, you agree to forfeit any data you collect about me, and pay $100 for every bit you use without such consent.
Re: (Score:3)
Commercial websites need a source of income. There were websites created before commercial activity was allowed.
That said, there *are* a lot more web sites covering a lot more things than before commerce was allowed over the internet, and it isn't *all* because there's been more time for it to develop. But there's also been a degradation in average quality and trustworthiness. Possibly that was inevitable with a wider section of the population using the internet. But I'm much less than convinced that ja
Re: (Score:2)
Most of that big data shit doesn't help that much though.
There are trillion dollar companies in the big data business. So I think it does help.
I can make more than enough advertising local grocery stores and car dealerships to you
How much is "more than enough"?
Google can make a lot more advertising a specific type of car, and letting you know about the new Azerbaijani bakery.
Re: (Score:3)
If the EU cuts off this source of revenue, what is going to happen?
The web sites will go back to other forms of revenue. Advertisements, paid content, or truly free content marketing (where the content itself is the advertisement).
This would lead to less content on the Internet (for EU residents at least), but the EU has decided they prefer that to the data mining practices which have become common.
Re: (Score:3)
Advertisement?
I missed the point where Ads per se are forbidden. It's overly broad, cross-site tracking.
Ads worked for centuries without individual user tracking.
Re: (Score:3)
If I'm visiting a website about electronics, then ads for oscilloscopes, vacuum tubes and similar would match the site and may actually get my interest.
Showing the ad for a hard drive right after I bought 5 of the exact model will not.
They need to offer something too! (Score:2)
No, they do not "need" a source of revenue. If they don't offer something that you can't get elsewhere for free, they don't have a product, and can take their invalid business model and fuck off and die.
And if they do have a product, they don't need to pimp off your privacy and defraud you (aka advertisement) either.
They can just say "If you want it, you pay here _____. If you don't, you fuck off."
In any case, you can't just justify every action with "they need to make money"!
If it harms people, it's a crime
Re: (Score:3)
How much did you pay Slashdot to provide this forum you are using for your commenting?
You better stop using it because Slashdot is tracking you.
Re:I don't get it (Score:5, Insightful)
Let me help you out then. What if a store you just walked into wanted you to carry a tracker on your person just to get into their doors... would you go in? Some people would say yes... but many people would not agree either. But here is the problem... you cannot even get in to see if there is anything you want to buy before having to sacrifice something. That is wrong no matter how you slice the pie. But that is the unfortunate future.
In your case... the problem is the condition of access. The access you just allowed them also allows others to track you as well.
In short... they require some access to ME before I get access to them. Am I not the customer here? The logic you just expressed is why there are big giant and powerful corporations out there and why your decisions in the economy are often made for you long before you even know it or understand why.
Now that they know they can pre-condition access at your expense why would they not get a superiority complex from that and look for more ways to get access to you?
How about a contact lens that you pay for AND have to see commercials as you are walking around and doing your work?
You need to remain a consumer... and never become a product. That is what the cookies are for, to turn you into a product so that businesses can take metrics and sell or use them in some way to leverage you. Whether it benefits you or disadvantages you is irrelevant. It does benefit them!
Re:I don't get it (Score:5, Insightful)
Let me help you out then. What if a store you just walked into wanted you to carry a tracker on your person just to get into their doors... would you go in?
It's much worse than that.
It's like a store that requires you to pay a deposit just to go inside and look around with no refund if you don't buy anything.
Re:I don't get it (Score:4, Insightful)
You are right... you don't get that privacy back even if you do not buy or want what you just saw.
Re: (Score:3)
That used to happen in France when I was a lot younger. That's why you still see a few shops with signs saying 'Entree Libre' in the windows.
Thankfully, they changed the law.
Re: (Score:2)
You mean like estimates for trade services? I HATE the fact I can't get an estimate on a repair without a $125.00 "deposit" that will get absorbed if I go ahead with the repair.
I can understand their time and everything, but come on, why am I paying for their travel time for an estimate?
I tend to avoid those people at all costs, pun intended.
Yo Grark
Re: (Score:2)
why am I paying for their travel time for an estimate?
Because someone has to pay the person to show up at your door. You either pay them directly to show up, or it's baked into the cost of whomever you ultimately purchase the service from. Most places just bake that in to their product cost, I haven't seen too many companies that charge to produce an estimate.
Re: (Score:2)
Did you copy and paste that from some corporate website terms and conditions?
Re: (Score:3)
But here is the problem... you cannot even get in to see if there is anything you want to buy before having to sacrifice something. That is wrong no matter how you slice the pie. But that is the unfortunate future.
I agree with you in principle; however, that doesn't withstand legal scrutiny, which doesn't consider if you know or don't know what you want at the other side of the wall. This is why it is legal in many countries for your bags to be searched, provided the condition of entry into the store that they may search your bag is presented to you *before* you enter and not when you attempt to leave.
The issue may be different in the USA where the limits between private and public are blurred with the principle of an a
Re: (Score:2)
That was a really well-explained answer. Thanks!
Re: (Score:3)
Let me help you out then. What if a store you just walked into wanted you to carry a tracker on your person just to get into their doors...
A store wanting to know where I am and what I'm doing while I'm there? Like a security camera?
Re: (Score:2)
This is the EU, you don't actually own your property, they merely allow you to use it.
Re: (Score:2)
When you open up a business to the public you are making a social contract with society that you are willing to accept societal/government restrictions on your business. If you don't agree to those restrictions then either don't start a public business (web site in this case).
Re: (Score:2)
Without the state, or some similar entity, the large bundle of different rights we collectively call "property rights" would need to be individually defended. The average person would have no way of defending all those rights against large organized groups like corporations.
So what we do is we create a group of our own, through collective decision making, that does have the power to enforce those rights. Collectively, we decide what those rights are. Do we include the right to repair? The right to resell? A
Re: (Score:2)
"I trade my privacy to Google for free email, a GPS, a high performance web browser with regular updates and an entire high performance OS on my phone. I do something similar with my eyeballs when I watch YouTube."
Google does not have "GPS". You could not buy "GPS" from Google for any amount of money for they have not "GPS" to sell. The Global Positioning System is a bunch of satellites owned and operated by the United States Air Force (now the United States Space Command) which transmit radio signals enc
Re:I don't get it (Score:5, Informative)
Cookies themselves are not the issue. It's what they are being used for. That has been the biggest misunderstanding about complying with the GDPR on websites.
If your cookie is simply setting a state in some anonymous fashion (e.g. "ClosedDialog=Yes"), the GDPR isn't concerned about that. However, if those cookies are used to store any kind of personally-identifiable information, even if it's a unique code or number for that person, which you intend to use to track their activity, THEN you must get their consent.
Now, if that user needs to sign up to your site to gain access, the process of creating an account is where you get their consent. However, if a user is just a random visitor from the internet with no need to log in, and you still want to track their activity, that's when a consent pop-up is typically used. But the GDPR requires that you cannot force them to answer "yes", you cannot default their choice to "yes", and you cannot bind their consent to any other activity. If they say "no" or don't answer, then you can't track them, and you have to allow them to access what is otherwise public information. It's as simple as that.
Re: (Score:2)
It's not public information. It's their product they want to get paid for.
Why should they give it up without being paid?
Re:I don't get it (Score:5, Informative)
If the visitor can access the information without logging in, it's public information. And sorry, the GDPR prohibits one from tracking them without their consent. So, if this disrupts the business model for being paid, one needs to find a different business model. That may entail making the information private and requiring users to create accounts first, at which point their consent can be gained.
Re: (Score:3)
Either the information is needed to carry out a task the user specifically asked for, in which case consent is implied and does not need to be requested, or the user has no reason to give consent and you might as well not bother asking.
Bingo...that's pretty much it.
One of my customers had several websites for which I needed to add a tracking consent dialog to comply with the launch of the GDPR. A huge percentage of visitors answered "no". The customer was stymied in their attempts to conduct re-marketing campaigns. They wanted me to remove the "no" option and I told them it would be non-compliant. We argued for a while, I recommended they consult with a lawyer, and in the end they discovered I was correct.
Here's the reality -- no one wants
Re: (Score:3)
It's not public information.
If it's presented to the public it becomes public information. There are very few countries or places in the world where you can broadcast something freely and then shake down people for it afterwards.
The parent made the difference clear: sign-up / login is the boundary. You can't have completely publicly accessible content in a public area free to access for everyone and then declare "it's private information, pay me for the privilege that you came here".
Re: (Score:3)
Whether it's public information or not is irrelevant.
In the EU you can tie the request for processing personal data to a service only as long as such processing is strictly necessary to operate the service provided.
Note that the mere need for monetization is no such thing: if your service can function without personal data processing, you are not allowed to tie personal data processing to it no matter how much your business model needs that money to survive.
This leaves the other option for requesting the ab
Re:I don't get it (Score:4, Insightful)
So now we won't be able to get into a compliant website without signing up? This all seems like a lot of extra work for the masses...
No, not at all. It's actually really simple, both for you and them. First, make sure your website has no trackers already enabled. Then, display a consent dialog. If the visitor consents to being tracked, store the state of their "yes" response and start adding your trackers. If they decline, store the state of their "no" response and carry on without the trackers.
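The procedure in the comment above (no trackers enabled by default, ask, store the "yes" or "no", add trackers only after a "yes"), written out as an added example that is not part of the original thread. The cookie name, retention period, event shape and tracker URLs are assumptions made for illustration.

```javascript
// Added example, not code from the thread. All names, URLs and the
// retention period below are hypothetical.

const CONSENT_COOKIE = 'tracking_consent';      // assumed cookie name
const CONSENT_MAX_AGE = 180 * 24 * 60 * 60;     // assumed: ask again after 180 days
const TRACKERS = [                              // constructed sample list
  'https://analytics.example/collect.js',
  'https://ads.example/remarketing.js',
];

// Parse a Cookie header (or document.cookie) into a name -> value map.
function parseCookies(header) {
  const jar = Object.create(null);
  for (const part of String(header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 1) continue;                       // skip empty or nameless pairs
    const name = part.slice(0, eq).trim();
    if (name) jar[name] = part.slice(eq + 1).trim();
  }
  return jar;
}

// Only the two exact stored answers count. A missing, empty or garbled value
// is "unset", which never enables tracking (no defaulting to "yes").
function readConsent(cookieHeader) {
  const value = parseCookies(cookieHeader)[CONSENT_COOKIE];
  return value === 'yes' || value === 'no' ? value : 'unset';
}

// Translate a UI event into a consent state. Only an explicit click on one of
// the two dialog buttons changes anything; scrolling, swiping, dismissing the
// dialog or letting it time out leave the state exactly as it was.
function applyEvent(state, event) {
  if (event && event.type === 'click') {
    if (event.target === 'accept') return 'yes';
    if (event.target === 'reject') return 'no';
  }
  return state;
}

// What the page does in a given state: content is never withheld, the dialog
// shows only until the visitor answers, trackers load only after a "yes".
function planFor(state) {
  return {
    showContent: true,
    showDialog: state === 'unset',
    trackers: state === 'yes' ? TRACKERS.slice() : [],
  };
}

// One page view: read the stored answer, apply this visit's events, and return
// the resulting plan plus a Set-Cookie value if the answer changed. The cookie
// holds only "yes" or "no", with no identifier for the visitor.
function handleVisit(cookieHeader, events) {
  const before = readConsent(cookieHeader);
  const after = (events || []).reduce(applyEvent, before);
  const setCookie = after !== before
    ? `${CONSENT_COOKIE}=${after}; Path=/; Max-Age=${CONSENT_MAX_AGE}; SameSite=Lax; Secure`
    : null;
  return { state: after, setCookie, ...planFor(after) };
}

// Constructed visits: a scroll-only visitor, a decline, and a returning "yes".
console.log(handleVisit('', [{ type: 'scroll' }]));
console.log(handleVisit('theme=dark', [{ type: 'click', target: 'reject' }]));
console.log(handleVisit('theme=dark; tracking_consent=yes', []));
```

A reject click on a later visit overwrites a stored "yes", so withdrawing consent takes the same single click as giving it.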
Re:I don't get it (Score:4, Insightful)
You can have a compliant website by NOT COLLECTING DATA FROM PEOPLE THAT HAVE NOT CONSENTED. You could always have a compliant website that way. All this decision affirms is that extortion is not consent, which really should not be controversial.
You don't have to require a signup. You just have to stop assuming that everyone is consenting to have their data collected by whatever half-assed method you are using.
Re: (Score:2, Insightful)
All this decision affirms is that extortion is not consent, which really should not be controversial.
The above highlights the issue perfectly: you have defined basic commerce ("I will give you something of value (my content) in exchange for something of value (your identity)") as extortion. You have taken a word that means "to obtain something of value through the use or threat of force" and stated (with an apparently straight face) "you can't see my cat videos unless you agree that we can set a cookie" meets this definition.
If your world view is that a "right" is "something that someone has to do for me"
Re: (Score:3)
Not necessarily. It can be argued that the cookies in this case are functionally necessary. The user made a conscious decision to add an item to the cart and has a reasonable expectation for it to be remembered. However, the site in question must be the only one using any ID's, provide an option to remove the cart or items in it (as easily as adding them), and/or use a timeout to cancel the cart after a period of time. You can't track that information forever if they don't commit to the sale. GDPR is more c
Re: I don't get it (Score:4, Informative)
Same reason why literally asking for an arm and a leg, or a kidney, in exchange for something else (e.g. a car) is illegal: because people carefully reading your terms, weighing their options, and making the decision that best suits them is an illusion.
The reality is that most people are influenced by momentary emotional states a lot more easily than by arguments accessible to reason. Whoever has the resources to influence said emotions will, in the long run, win against the best interests of their customers -- or society at large.
For websites this means that people will click on anything in the heat of the moment just to get to the content they've been conditioned to want *right* *now*.
It's commonly called an "anti-pattern".
If you truly, genuinely want to offer content to informed people, then you can, for example, require a paid membership, and pay the member an amount of money equalling their membership fee if they consent to your surveillance. This is perfectly legal, but hardly anyone would do it, unless your content is *really* worth that money (which usually it isn't).
Re: (Score:2)
I don't agree with this; why can't I condition access to my content on someone accepting cookies? Seems like a fair system to me... you are offered access in return for me setting some cookies on your system. Can someone explain to me how this isn't reasonable?
Two reasons. (1) most web use cases don't require cookies; even if you have to maintain some sort of user session there are ways to do that without cookies. (2) The explosion of the use of cookies (particularly third-party cookies) to track people across the web, which is a privacy issue.
Re: (Score:2)
The only way to maintain a session is to use a token of some sort, which is just a cookie by any other name. Anyway, session cookies aren't prohibited so it's a moot point.
Re: (Score:2)
What explosion? Cookies in general, and third-party tracking cookies for advertising purposes in particular, are nothing new. Hell... I still remember all of the double-click hate on Slashdot since well before they were acquired by Google in 2007. BFD. Anyone who has a problem with it can easily manage it at their own computer and browser level, as per their own preferences. There is no need for a massive one-size-fits-all solution imposed on everyone.
Browser fingerprinting, IMO, is the bigger issue, si
Re: (Score:2)
In the EU you can process personal data only in mainly 2 cases:
If you actually need to be able to process personal data you can definitely tie that to the access to your service: e.g. if someone doesn't allow you to process his/her home address it's perfectly fine for you to exclude that someone from your home delivery service. Without being able
Re: (Score:2)
I suppose the rub is that a company is currently mandated to make clear that their 'free' service is funded by data they gather through cookies. People interpreted GDPR as meaning this now has to be made clear and up front, which is good. I see a GDPR warning about cookies and I can click on out of there because I don't want to participate. This is all very good, users know more about what they could get into and the option to decline.
Now the issue seems to be that they are saying you can't even make that e
Re: (Score:2)
Because you abused it.
Re: (Score:2)
Because you either offer the content without conditions, or you put the content behind a specific wall, other than cookie agreement. Paywalls are fine. Ads are fine. Tracking cookies enabled forever in exchange for reading a couple paragraphs and never visiting that website again is not fine.
Re: (Score:2)
You don't get it because you constructed a strawman based on a paraphrase of the decision in the summary of an article.
The ruling isn't even about cookies per se. The improper condition is requiring data protection to be waived to get access to the site. Cookies are just the most popular mechanism of recording that condition, but not the only mechanism. It's not even the only mechanism mentioned in the title.
If you properly managed data privacy, but required cookies on your site for some other reason, the
Re: (Score:2)
It may be reasonable, but it is explicitly forbidden by GDPR. That's why you can't do it.
Answers to the "and why it is forbidden" question were already given.
Re: (Score:2)
I don't agree with this; why can't I condition access to my content on someone accepting cookies? Seems like a fair system to me... you are offered access in return for me setting some cookies on your system. Can someone explain to me how this isn't reasonable?
The explanation you're looking for is exactly where one would expect it to be, the EDPB guidelines: https://edpb.europa.eu/sites/e... [europa.eu] specifically:
86. Example 16: Based on recital 32, actions such as scrolling or swiping through a webpage or similar user activity will not under any circumstances satisfy the requirement of a clear and affirmative action: such actions may be difficult to distinguish from other activity or interaction by a user and therefore determining that an unambiguous consent has been obtain
Re: (Score:3)
We can talk long and hard about the EU.
But this is about privacy and tracking. The overreach is by the companies tracking you.
Also while we are on the subject: are there any free markets around the world? They are all regulated in some sense.
Re: (Score:2)
Also while we are on the subject: are there any free markets around the world? They are all regulated in some sense
A market can be free and heavily regulated at the same time. It's the nature of "regulated" that matters. There's no useful definition of "free market" that doesn't include the current big commodities exchanges, and yet those exchanges have a lot of market rules you have to follow.
You want to trade stock options in the US? You must first read The Characteristics & Risks of Standardized Options, weighing in at 188 pages, [theocc.com] and that's just the most basic introduction to the rules. But those rules are al
Re: (Score:2)
Because it's illegal. And I fully agree that it should be illegal, and the USA should follow this and make it illegal as well.
"Because it's illegal" is the most worthless argument when anyone is complaining about a law. The OP understands it is illegal, he simply thinks it shouldn't be. You are setting yourself up to support a whole slew of laws both in the past and present if you think "because it's illegal" is a reasonable argument.
You agreeing it should be illegal is a fine argument, although you give no reasons why. Anyone claiming there aren't two very valid sides to this argument is being ignorant, as it is reasonable for pe
Re: (Score:2)
It is not a sick bird (illegal) at all. Nor is it prohibited. You can commit extortion (or murder) or any other crime all you wish. That does not mean, however, that you might not be punished (whipped, hands cut off, impaled on a sharp spike, shackled in a dank cave, etc) for your act.
Extortion? (Score:2, Insightful)
You mean extortion is illegal?
Shiver me timbers, who knew?
Re: (Score:2)
It's "extortion" in the same sense as entrance fees for a facility, or liability waivers for dangerous sports. In other words, it's not, it's an agreement in exchange for a service. The argument that cookie walls aren't genuine consent is just objectively wrong: the visitor is making a free choice to agree to the terms and use the service, or disagree with the terms and not use the service. Unless of course the visitor is somehow obligated to use the service anyway (such as for e.g. an online rental payment
Re: Extortion? (Score:2)
Your analogy might work if venues required you to implant a subdermal tracker before entry that continued to track your whereabouts months after the event. And they did this surreptitiously through a hand stamp. And outside the EU, they don't even have to tell you they're doing it.
So, yeah, at some point abusive behavior needs to be regulated when all the concert venues switch to this system and demonstrate they aren't responsible enough to handle this technology without regulations.
Re: (Score:2)
And they did this surreptitiously through a hand stamp.
But what if before the stamp they up front say 'look, this stamp will let us track your activity around town for as long as we like, but you do get to enjoy our services without additional charge in exchange', it wouldn't be so surreptitious.
Now if you say "holy crap, that is too creepy to ever allow, you shouldn't even be able to ask consent", ok that's a consistent position, and one I would actually not mind at all.
If you say "ok, as long as it is crystal clear about the privacy implications", then that's
Good for them (Score:2)
Sites that ask for my personal data before I've even read a single word of their content are crap.
Where's the "refund" if the content turns out to be useless?
Re: (Score:2)
But there are sites that do more than ask. There are some sites that have a large banner across the screen that asks you to accept their cookies. There is no option to say no and proceed and the actual information is locked in the background (either blurred out or scroll locked seems to be the main way of doing it). So the site may not be forcing you to accept the cookies but it is blocking you from seeing if the content is worth agreeing to. So as the parent stated, there is no way to get a "refund" if the
Re: (Score:2)
If it turns out to be useless, then that's when you celebrate that they only asked.
Huh?
Many sites only let you find out it's useless after you've consented.
pay wall? (Score:4, Insightful)
If the purpose of collecting data is to sell it to raise money to fund the development of the site, then what do they want? Are they asking for a choice on each web site that says either pay $$$ or let the site harvest your data? Large pieces of the web are funded by harvesting data. Giving you the choice of full access without harvesting or paying does not provide financial support to the web site developer.
Re: (Score:3, Insightful)
Are they asking for a choice on each web site that says either pay $$$ or let the site harvest your data?
It's a bit deeper than that: they're trying to break:
Large pieces of the web are funded by harvesting data.
By forcing them not to leverage for user consent thereby violating the definition of "consent," they are in turn forcing them to adopt revenue models which don't rely upon data mining of users. This, in turn, brings the web back closer to before data mining was a major thing from a financial perspective such that non-data-miners can compete on equal footing. The long-term effect would likely be data-mining disappearing as a primary revenue pipeline if t
Re: (Score:2)
If the purpose of collecting data is to sell it to raise money to fund the development of the site, then what do they want?
They want to you to find a new business model, as there's no realistic chance of convincing a sufficient number of users to give away their personal information, without forcing them to do it, tricking them into doing it, or going behind their back to collect it.
Re: (Score:2)
Exactly. And if they can't find another way to finance their website besides spying on you then fuck them.
Re: (Score:2)
They are trying to specify and make clear what an informed, specific, freely given, and withdrawable choice actually is, since it is a rather vague concept. Read through the examples in the actual document [europa.eu], they are more clear than the text itself.
Example 1: A mobile app for photo editing asks its users to have their GPS localisation activated for the use of its services. The app also tells its users it will use the collected data for behavioural advertising purposes. Neither geolocalisation or online behavioural advertising are necessary for the provision of the photo editing service and go beyond the delivery of the core service provided. Since users cannot use the app without consenting to these purposes, the consent cannot be considered as being freely given.
In this case, the app can not use the condition of providing location data as a reason to deny access to the app since it is not required by the app itself. Can they ask for it - Yes. If consent is granted can they process it - Yes. But they can not require it
Re: (Score:2)
What is funded on the web using this personal data is mostly garbage ad-harvesting websites designed to grab your attention with open ended teaser questions like:
"The X things you didn't know about Y"
"X ways to improve Y but you're not doing"
"Would X be better if it did Y?"
No value will be lost if sites like those die, in fact, I think it will create value.
Re: (Score:2)
If the purpose of collecting data is to sell it to raise money to fund the development of the site, then what do they want?
There are many ways to fund something, no need to default to data harvesting.
Are they asking for a choice on each web site that says either pay $$$ or let the site harvest your data? Large pieces of the web are funded by harvesting data.
Yes and yes.
Giving you the choice of full access without harvesting or paying does not provide financial support to the web site developer.
The developer is more than able to provide access via a login/portal if the latter is something they feel about. But you can't go put a sign in the street saying "The condition of you having read this sign is that you give me your name and carry this tracking beacon".
Re: (Score:2)
There are many ways to fund something, no need to default to data harvesting.
Yeah, the days when advertising is required to fund the internet are over. There are so many ways to fund content these days that ad-clicks are no longer necessary.
Re: (Score:2)
data harvesting is not synonymous with advertising.
Re: (Score:2)
So now every website in the EU is going to have this idiotic popup....
Click here --- Pay €5 to access this website
Click here --- Exchange your info for access to this website
Re: (Score:2)
I see you didn't even read the summary.
Kudos to Slashdot (Score:3)
Many sites still refuse access if you don't agree. MacRumors makes you go through a lengthy process, including displaying a list of advertisers that I'd need to deselect individually, plus advertisers who illegally don't let me opt out at all. ArsTechnica was worse at times.
The correct way: One popup, with a choice "Reject", and a choice "Accept" and a choice "Configure" if they like. Anything more than a single click to use the site without cookies is illegal.
I assume this is only for non-essential stuff? (Score:3)
Cookies are required for many sites to function at all and I'm honoring the /. tradition of not reading the linked article...
Re: I assume this is only for non-essential stuff? (Score:2)
My understanding is it only applies to tracking cookies. Session cookies and those used to preserve app state (such as the fact you clicked "no cookie") are exempt.
Re: (Score:2)
Cookies are required for many sites to function at all and I'm honoring the /. tradition of not reading the linked article...
The GDPR and the previous privacy laws have never covered cookies essential to the function of the site.
Re: (Score:2)
I just wish there was at least one website developer out there that realized this, because it seems every single site has a cookie popup, regardless of what types of cookies they use (and funnily enough, regardless of what countries they're even accessible in!)
Easy solution to the tracking ad problem? (Score:2)
Can someone explain why it is so difficult to block these tracking cookies?
When I visit slashdot.org, I login and get a cookie for slashdot.org. That's pretty much the only legitimate usage for a cookie. When slashdot.org displays a banner ad from adtracker.com, let them set their tracking cookie, that's fine. The problem only arises when I visit news123.com and they also display a banner ad from adtracker.com. They want to read the cookie they got from slashdot.org. Just don't let them. Make that anot
Re: (Score:2)
How will you implement that? Will adtracker.com end up setting different cookies for apple.slashdot.org and tech.slashdot.org?
This breaks the whole point of third party cookies. If you accept that third party cookies are illegitimate and should be broken, just go into Firefox options and tell Firefox not to accept third party cookies.
Your proposal achieves the same but with new complicated code having to be written.
(For the record, I think that third party cookies are illegitimate and should be broken, so i
Re: (Score:2)
How will you implement that? Will adtracker.com end up setting different cookies for apple.slashdot.org and tech.slashdot.org?
Yes, that's exactly what I want to do.
This breaks the whole point of third party cookies. If you accept that third party cookies are illegitimate and should be broken, just go into Firefox options and tell Firefox not to accept third party cookies.
My proposal is different from not accepting the cookies. If you do that, then the JavaScript on the page detects it, and displays popups telling you to re-enable it.
After posting this, I found that there are proposals [cookie-script.com] to do exactly this, but they seem to be watered down and require the web site to request this form of cookies rather than the browser doing it.
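The per-site cookie separation debated in the comments above, as an added sketch that is not part of the thread and not any browser's real implementation: a toy cookie jar whose storage key is either the cookie's host alone (classic third-party behaviour) or the pair of top-level site and cookie host. The `CookieJar` class, `adFrameLoad`, `browse`, and the `uid` cookie name are hypothetical; the site names are the ones the posters used.

```javascript
// Added illustration: a toy cookie jar, not a real browser's storage model.
class CookieJar {
  constructor(partitioned) {
    this.partitioned = partitioned;
    this.store = new Map(); // storage key -> Map(cookie name -> value)
  }

  // The storage key decides which page contexts share a cookie.
  key(topLevelSite, cookieHost) {
    return this.partitioned ? `${topLevelSite}|${cookieHost}` : cookieHost;
  }

  set(topLevelSite, cookieHost, name, value) {
    const k = this.key(topLevelSite, cookieHost);
    if (!this.store.has(k)) this.store.set(k, new Map());
    this.store.get(k).set(name, value);
  }

  get(topLevelSite, cookieHost, name) {
    const bucket = this.store.get(this.key(topLevelSite, cookieHost));
    return bucket ? bucket.get(name) : undefined;
  }
}

// Simulates the embedded ad frame: reuse an existing id or mint a new one.
function adFrameLoad(jar, topLevelSite, nextId) {
  const host = "adtracker.com";
  let id = jar.get(topLevelSite, host, "uid");
  if (id === undefined) {
    id = `visitor-${nextId}`;
    jar.set(topLevelSite, host, "uid", id);
  }
  return id;
}

// Ids the tracker observes on two unrelated sites, then on a revisit.
function browse(partitioned) {
  const jar = new CookieJar(partitioned);
  let counter = 0;
  const visit = (site) => adFrameLoad(jar, site, ++counter);
  return [visit("slashdot.org"), visit("news123.com"), visit("slashdot.org")];
}

console.log("classic jar:    ", browse(false)); // same id everywhere
console.log("partitioned jar:", browse(true));  // one id per top-level site
```

The ad frame still receives a working cookie in the partitioned case, so a script checking whether cookies are enabled sees nothing unusual. Whether `apple.slashdot.org` and `tech.slashdot.org` share a partition depends on how the top-level key is derived, which this sketch leaves as a plain string.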
Comment removed (Score:4, Informative)
Re: (Score:2)
BTW regardless of any EU legislation, cookie blocking is what popular browsers like Firefox or extensions like uBlock Origin and Privacy Badger do automatically for you.
Some sites refuse to work if you block cookies. I suppose these tools could be modified to supply fake cookies?
Re: I see a lot of uninformed masses (Score:2)
Unlikely. Reasonably competent sites encrypt the cookie data, so a junk cookie won't decrypt correctly and will be treated like an expired or non-existent cookie.
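What the reply above describes, seen from the server side, as an added Node.js sketch that is not part of the thread: it uses authenticated encryption (AES-256-GCM), so a made-up or altered cookie fails verification and is handled exactly like a missing one. The cookie layout (IV, tag, ciphertext, base64url-encoded), the function names and the `exp` field are assumptions of this example.

```javascript
// Added illustration; key handling and cookie layout are assumptions.
const crypto = require("crypto");

const KEY = crypto.randomBytes(32); // constructed demo key, generated at start-up

// Encrypt and authenticate a session object into a cookie value.
function sealCookie(session, key = KEY) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([
    cipher.update(JSON.stringify(session), "utf8"),
    cipher.final(),
  ]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64url");
}

// Return the session object, or null for anything that fails authentication.
function openCookie(value, key = KEY) {
  try {
    const raw = Buffer.from(String(value), "base64url");
    if (raw.length < 12 + 16) return null; // too short to hold IV + tag
    const decipher = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return JSON.parse(plain.toString("utf8"));
  } catch {
    return null; // forged, tampered, or sealed under another key
  }
}

// An unreadable or expired cookie simply means an anonymous visitor.
function sessionFor(cookieValue) {
  const s = openCookie(cookieValue);
  return s && s.exp > Date.now() ? s : null;
}
```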
Re: (Score:2)
...cookie blocking is what popular browsers like Firefox or extensions like uBlock Origin and Privacy Badger do automatically for you.
Unfortunately, blocking cookies creates a problem whereby it's sometimes impossible to dismiss those cookie/consent dialog boxes because even the "no" answer doesn't get saved. One is stuck having part of the screen blocked, or the entire site becomes inaccessible if it uses a full-page modal consent dialog.
Re: (Score:2)
I find uBlock Origin's "block element" function to handle that very well.
We need more technical people making laws (Score:3)
Re: (Score:2)
No you don't. Claiming that a user being tracked improves experience doesn't withstand legal scrutiny in the EU. I mean you can try it, just don't come crying back when you get screwed by the laws. No need for technical people to get involved, the lawyers are more than capable of handing you some lube.
So just go ahead and take it then? (Score:2)
If you don't have the wall, then they're just going to take it.
Some guy in Brussels just felt aggrieved for having to click on something without realizing their zealous data protection body caused this mess.
The free ride is over (Score:2)
Back when we read printed newspapers, we tolerated ads just fine. But those printed ads didn't track you, use your computing resources to mine bitcoins, and play animated videos. Advertising is fine, just not in the current form. We understand that journalism and publishing cost money, and we are fine to pay for it by ads. And we can't legislate away advertising under the guise of protecting our data. We need to either put up or shut-up here: either pay for your news (I subscribe to The Guardian) or new
This is also true of Canada (Score:3)
The Right of Privacy is a guaranteed right in the Canadian Constitution and can not be given away or obscured through such means, and any Canadian Citizen or Canadian Resident (in Canada or territories) has this Right.
It can't be subsumed by "you must accept this cookie" legal fake language.
Re: (Score:2)
I highly doubt anyone in the EU would care. The sites that rely almost exclusively on third party tracking for revenue don't tend to have any content of any real value.
Third party tracking just simply doesn't pay enough to fund that sort of development on its own, so any site with actual useful content already has a different business model for most of their revenue, and I don't see a site like that cutting off access completely instead of accepting an extremely slight reduction to their revenue stream. Re