Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
EU Privacy

No Cookie Consent Walls -- and No, Scrolling Isn't Consent, Says EU Data Protection Body (techcrunch.com) 284

You can't make access to your website's content dependent on a visitor agreeing that you can process their data -- aka a 'consent cookie wall.' Not if you need to be compliant with European data protection law. From a report: That's the unambiguous message from the European Data Protection Board (EDPB), which has published updated guidelines on the rules around online consent to process people's data. Under pan-EU law, consent is one of six lawful bases that data controllers can use when processing people's personal data. But in order for consent to be legally valid under Europe's General Data Protection Regulation (GDPR) there are specific standards to meet: It must be clear and informed, specific and freely given. Hence cookie walls that demand 'consent' as the price for getting inside the club are not only an oxymoron but run into a legal brick wall. No consent behind a cookie wall The regional cookie wall has been crumbling for some time, as we reported last year -- when the Dutch DPA clarified its guidance to ban cookie walls. The updated guidelines from the EDPB look intended to hammer the point home. The steering body's role is to provide guidance to national data protection agencies to encourage a more consistent application of data protection rules.
This discussion has been archived. No new comments can be posted.

No Cookie Consent Walls -- and No, Scrolling Isn't Consent, Says EU Data Protection Body

Comments Filter:
  • I don't get it (Score:3, Insightful)

    by afgun ( 634001 ) on Wednesday May 06, 2020 @09:53AM (#60028280)
    I don't agree with this; why can't I condition access to my content on someone accepting cookies? Seems like a fair system to me... you are offered access in return for me setting some cookies on your system. Can someone explain to me how this isn't reasonable?
    • by gl4ss ( 559668 )

      because everyone used it and sold or gave the data to couple of big companies for pennies. that's how we got to the situation because 500% of all sites have such things where they save and track you across multiple sites(many sites have many so that's how it's 400% more than you would think to be physically possible).

      though truth to be said you can view a lot of websites without ever agreeing to that thing.. though it makes me wonder if they still save the cookies even if I don't agree?

      I mean fu.... you d

      • Since you can run a website for free, web sites need some source of revenue. A major source of revenue in the current web comes from selling selling tracking data (ie as used in targeted advertising). If the EU cuts off this source of revenue, what is going to happen? Do you want every website on the web to have a paywall in front of it? Content doesn't create itself and servers don't run on pixiedust, someone has to pay for it. If you want to browse around millions of websites for free without offering a

        • Re:I don't get it (Score:5, Insightful)

          by Sebby ( 238625 ) on Wednesday May 06, 2020 @11:09AM (#60028620)

          If the EU cuts off this source of revenue, what is going to happen? Do you want every website on the web to have a paywall in front of it?

          Franky, yes.

          One thing I hate is the kind of 'bait and switch' of a lot of websites, where they show you the top snippet of a site, then once you get past the first 2 paragraph, they ask your for payment, or email, or whatever. I hate it because they're not being upfront about how they allow you to get to their content.

          When I go to the grocery store, I don't get to be able to open a box of cereal, sample it, before being expected to pay for it. Sure, they provide samples so people don't go around opening boxes, but even then you're not expected/being asked to provide your info after you've already swallowed that sample.

          If you want me to pay for your content, then two things: 1. be upfront about it, so I know what to expect; and 2. let me decide if I want your content, and how I want to pay; don't start grabbing/tracking my info before I even see you asking for it; otherwise I'll start adding client-side headers like:

          X-Content-Provider-Agrees: By providing any content in response to this HTTP(S) request, you agree to forfeit any data you collect about me, and pay $100 for every bit you use without such consent.

        • by HiThere ( 15173 )

          Commercial websites need a source of income. There were websites created before commercial activity was allowed.

          That said, there *are* a lot more web sites covering a lot more things than before commerce was allowed over the internet, and it isn't *all* because there's been more time for it to develop. But there's also been a degradation in average quality and trustworthiness. Possibly that was inevitable with a wider section of the population using the internet. But I'm much less than convinced that ja

        • Most of that big data shit doesn't help that much though. Just based on IP address I know you're in Seattle, Washington I can make more than enough advertising local grocery stores And car dealerships to you without knowing all your personal details.
          • Most of that big data shit doesn't help that much though.

            There are trillion dollar companies in the big data business. So I think it does help.

            I can make more than enough advertising local grocery stores And car dealerships to you

            How much is "more than enough"?

            Google can make a lot more advertising a specific type of car, and letting you know about the new Azerbaijani bakery.

        • by ranton ( 36917 )

          If the EU cuts off this source of revenue, what is going to happen?

          The web sites will go back to other forms of revenue. Advertisements, paid content, or truly free content marketing (where the content itself is the advertisement).

          This would lead to less content on the Internet (for EU residents at least), but the EU has decided they prefer that to the data mining practices which have become common.

        • Advertisment?

          I missed the point where Ads per se are forbidden. It's overly broad, cross-site tracking.

          Ads worked for centuries without individual user tracking.

        • No, they do not "need" a source of revenue. If they don't offer something that you can't get elsewhere for free, they don't have a product, and can take their invalid business model and fuck off and die.

          And if they do have a product, they don't need to pimp off your privacy and defraud you (aka advertisement) either.
          They can just say "If you want it, you pay here _____. If you don'ty you fuck off."

          In any case, you can't just justify every action with "they need to make money"!
          If it harm people, it's a crime

          • How much did you pay Slashdot to provide this forum you are using for your commenting?

            You better stop using it because Slashdot is tracking you.

    • Re:I don't get it (Score:5, Insightful)

      by SirAstral ( 1349985 ) on Wednesday May 06, 2020 @10:12AM (#60028354)

      Let me help you out then. What if a store you just walked into wanted you to carry a tracker on your person just to get into their doors... would you go in? Some people would say yes... but many people would not agree either. But here is the problem... you cannot even get in to see if there is anything you want to buy before having to sacrifice something. That is wrong no matter how you slice the pie. But that is the unfortunate future.

      In your case... the problem is the condition of access. The access you just allowed them also allows others to track you as well.

      In short... they require some access to ME before I get access to them. Am I not the the customer here? The logic you just expressed is why there are big giant and powerful corporations out there and why your decisions in the economy are often made for you long before you even know it or understand why.

      Now that they know they can pre-condition access at your expense why would they not get a superiority complex from that and look for more ways to get access to you?

      How about a contact lens that you pay for AND have to see commercials as you are walking around and doing you work?

      You need to remain a consumer... and never become a product. That is what the cookies are for, to turn you into a product so that businesses and take metrics and sell or use them in some way to leverage you. Whether it benefits you or disadvantages you is irrelevant. It does benefit them!

      • Re:I don't get it (Score:5, Insightful)

        by Joce640k ( 829181 ) on Wednesday May 06, 2020 @10:15AM (#60028370) Homepage

        Let me help you out then. What if a store you just walked into wanted you to carry a tracker on your person just to get into their doors... would you go in?

        It's much worse than that.

        It's like a store that requires you to pay a deposit just to go inside and look around with no refund if you don't buy anything.

        • Re:I don't get it (Score:4, Insightful)

          by SirAstral ( 1349985 ) on Wednesday May 06, 2020 @10:19AM (#60028380)

          You are right... you don't get that privacy back even if you do not buy or want what you just saw.

          • by nasor ( 690345 )
            I'm confused, if you buy a book/movie/newspaper/whatever and end up not liking the content that you purchased, do you expect to get your money back?
        • That used to happen in France when I was a lot younger. That's why you still see a few shops with signs saying 'Entree Libre' in the windows.
          Thankfully, they changed the law.

        • "It's like a store that requires you to pay a deposit just to go inside and look around with no refund if you don't buy anything."

          You mean like estimates for trade services? I HATE the fact I can't get an estimate on a repair without a $125.00 "deposit" that will get absorbed if I go ahead with the repair.

          I can understand their time and everything, but come on, why am I paying for their travel time for an estimate?

          I tend to avoid those people at all costs, pun intended.

          Yo Grark
          • by Pascoea ( 968200 )

            why am I paying for their travel time for an estimate?

            Because someone has to pay the person to show up at your door. You either pay them directly to show up, or it's baked into the cost of whomever you ultimately purchase the service from. Most places just bake that in to their product cost, I haven't seen too many companies that charge to produce an estimate.

        • by nasor ( 690345 )
          Ever hear of a cover charge?
      • But here is the problem... you cannot even get in to see if there is anything you want to buy before having to sacrifice something. That is wrong no matter how you slice the pie. But that is the unfortunate future.

        I agree with you in principle however that doesn't withstand legal scrutiny which doesn't consider if you know or don't know what you want at the other side of the wall. This is why it is legal in many countries for your bags to be searched providing the condition of enter into the store that they may search your bag is presented to you *before* you enter and not when you attempt to leave.

        The issue may be different in the USA where the limits between private and public are blurred with the principle of an a

      • by ljw1004 ( 764174 )

        That was a really well-explained answer. Thanks!

      • by nasor ( 690345 )
        You misunderstand the nature of the transaction. The purchase occurs when you accept the cookie in exchange for access to the site's content. Agreeing to the cookie in exchange for access to the site is equivalent to paying money in exchange for a book. You don't know exactly what's in the book (if you did, the book would be useless) but you probably have some idea as to what it's about, and you decide you're willing to pay to read it. Yes, you might end up disappointed if the book is bad or not what you th
      • by Merk42 ( 1906718 )

        Let me help you out then. What if a store you just walked into wanted you to carry a tracker on your person just to get into their doors...

        A store wanting to know where I am and what I'm doing while I'm there? Like a security camera?

    • Re:I don't get it (Score:5, Informative)

      by LucasBC ( 1138637 ) on Wednesday May 06, 2020 @10:18AM (#60028374)

      Cookies themselves are not the issue. It's what they are being used for. That has been the biggest misunderstanding about complying with the GDPR on websites.

      If your cookie is simply setting a state in some anonymous fashion (e.g. "ClosedDialog=Yes"), the GDPR isn't concerned about that. However, if those cookies are used to store any kind of personally-identifiable information, even if it's a unique code or number for that person, which you intend to use to track their activity, THEN you must get their consent.

      Now, if that user needs to sign up to your site to gain access, the process of creating an account is where you get their consent. However, if a user is just a random visitor from the internet with no need to log in, and you still want to track their activity, that's when a consent pop-up is typically used. But the GDPR requires that you cannot force them to answer "yes", you cannot default their choice to "yes", and you cannot bind their consent to any other activity. If they say "no" or don't answer, then you can't track them, and you have to allow them to access what is otherwise public information. It's a simple as that.

      • It's not public information. It's their product they want to get paid for.

        Why should they give it up without being paid?

        • Re:I don't get it (Score:5, Informative)

          by LucasBC ( 1138637 ) on Wednesday May 06, 2020 @10:59AM (#60028552)

          If the visitor can access the information without logging in, it's public information. And sorry, the GDPR prohibits one from tracking them without their consent. So, if this disrupts the business model for being paid, one needs to find a different business model. That may entail making the information private and requiring users to create accounts first, at which point their consent can be gained.

        • It's not public information.

          If it's presented to the public it becomes public information. There are very few countries or places in the world where you can broadcast something freely and then shake down people for it afterwards.

          The parent made the difference clear: sign-up / login is the boundary. You can't have completely publicly accessible content in a public area free to access for everyone and then declare "it's private information, pay me for the privilege that you came here".

        • by bsolar ( 1176767 )

          Whether it's public information or not is irrelevant.

          In the EU you can tie the request for processing personal data to a service only as long as such processing is strictly necessary to operate the service provided.

          Note that the mere need for monetization is no such thing: if your service can function without personal data processing, you are not allowed to tie personal data processing to it no matter how much your business model needs that money to survive.

          This leaves the other option for requesting the ab

    • Re: I don't get it (Score:4, Informative)

      by getuid() ( 1305889 ) on Wednesday May 06, 2020 @10:19AM (#60028382)

      Same reason why literally asking for an arm and a leg, or a kidney, in exchange for something else (e.g. a car) is illegal: because people carefully reading your terms, weighting their options, and making the decision that best suits them is an illusion.

      The reality is that most people are easily influenced by momentarily emotional states a lo more easily than by arguments accesible to reason. Whoever has the resources to influence said emotions will, in the log run, win against the best interests of their cusomers -- or society at large.

      For webites this means that people will click on anything in the heat of the moment just to get to the content, the've been conditioned to want *right* *now*.

      It's commonly called an "anti-pattern".

      If you truly, genuinely want to offer content to informed people, the you can, for example, require a paid membership, and pay the member an amount of money equalling their membership fee if they consent to your surveilllance. This is perfectly legal, but hardly anyone would do it, unless your content is *really* worth that money (which usually it isn't).

    • by Jahta ( 1141213 )

      I don't agree with this; why can't I condition access to my content on someone accepting cookies? Seems like a fair system to me... you are offered access in return for me setting some cookies on your system. Can someone explain to me how this isn't reasonable?

      Two reasons. (1) most web use cases don't require cookies; even if you have to maintain some sort of user session there are ways to do that without cookies. (2) The explosion of the use of cookies (particularly third-party cookies) to track people across the web, which is a privacy issue.

      • The only way to maintain a session is to use a token of some sort, which is just a cookie by any other name. Anyway, session cookies aren't prohibited so it's a moot point.

      • What explosion? Cookies in general, and third-party tracking cookies for advertising purposes in particular, are nothing new. Hell... I still remember all of the double-click hate on Slashdot since well before they were acquired by Google in 2007. BFD. Anyone who has a problem with it can easily manage it at their own computer and browser level, as per their own preferences. There is no need for a massive one-size-fits-all solution imposed on everyone.

        Browser fingerprinting, IMO, is the bigger issue, si

    • by bsolar ( 1176767 )

      In the EU you can process personal data only in mainly 2 cases:

      • You need the data processing to perform a contract or service requested by the subject.
      • The subject freely consents to you being able to process the personal data.

      If you actually need to be able to process personal data you can definitely tie that to the access to your service: e.g. if someone doesn't allow you to process his/her home address it's perfectly fine for you to exclude that someone from your home delivery service. Without being able

      • by Junta ( 36770 )

        I suppose the rub is that a company is currently mandated to make clear that their 'free' service is funded by data they gather through cookies. People interpreted GPDR as meaning this now has to be made clear and up front, which is good. I see a GPDR warning about cookies and I can click on out of there because I don't want to participate. This is all very good, users know more about what they could get into and the option to decline.

        Now the issue seems to be that they are saying you can't even make that e

    • Because you abused it.

    • Because you either offer the content without conditions, or you put the content behind a specific wall, other than cookie agreement. Paywalls are fine. Ads are fine. Tracking cookies enabled forever in exchange for reading a couple paragraphs and never visiting that website again is not fine.

    • You don't get it because you constructed a strawman based on a paraphrase of the decision in the summary of an article.

      The ruling isn't even about cookies per se. The improper condition is requiring data priotection to be waived to get access to the site. Cookies are just the most popular mechanism of recording that condition, but not the only mechanism. It's not even the only mechanism mentioned in the title.

      If you properly managed data privacy, but required cookies on your site for some other reason, the

    • Because the EU considers that trading access to the economic sphere for invasion of privacy is not a legitimate trade. It is the same theory as US invalidation of any slavery contract -- EU treats online privacy as a right that cannot be signed away in order to prevent it from being coerced away.
    • It may be reasonable, but it is explicitly forbidden by GDPR. That's why you can't do it.

      Answers to the "and why it is forbidden" question were already given.

    • I don't agree with this; why can't I condition access to my content on someone accepting cookies? Seems like a fair system to me... you are offered access in return for me setting some cookies on your system. Can someone explain to me how this isn't reasonable?

      The explanation you're looking for is exactly where one would expect it to be, the EDPB guidelines: https://edpb.europa.eu/sites/e... [europa.eu] specifically:

      86. Example 16: Based on recital 32, actions such as scrolling or swiping through a webpage or similar user
      activity will not under any circumstances satisfy the requirement of a clear and affirmative action: such
      actions may be difficult to distinguish from other activity or interaction by a user and therefore
      determining that an unambiguous consent has been obtain

  • Extortion? (Score:2, Insightful)

    You mean extortion is illegal?

    Shiver me timbers, who knew?

    • It's "extortion" in the same sense as entrance fees for a facility, or liability wavers for dangerous sports. In other words, it's not, it's an agreement in exchange for a service. The argument that cookie walls aren't genuine consent is just objectively wrong: the visitor is making a free choice to agree to the terms and use the service, or disagree with the terms and not use the service. Unless of course the visitor is somehow obligated to use the service anyway (such as for e.g. an online rental payment

      • Your analogy might work if venues required you to implant a subdermal tracker before entry that continued to track your whereabouts months after the event. And they did this surreptitously through a hand stamp. And outside the EU, they don't even have to tell you they're doing it.

        So, yeah, at some point abusive behavior needs to be regulated when all the concert venues switch to this system and demonstrate they aren't responsible enough to handle this technology without regulations.

        • by Junta ( 36770 )

          And they did this surreptitously through a hand stamp.

          But what if before the stamp they up front say 'look, this stamp will let us track your activity around town for as long as we like, but you do get to enjoy our services without additional charge in exchange', it wouldn't be so surreptitious.

          Now if you say "holy crap, that is too creepy to ever allow, you shouldn't even be able to ask consent", ok that's a consistent position, and one I would actually not mind at all.

          If you say "ok, as long as it is crystal clear about the privacy implications", then that's

  • Sites that ask for my personal data before I've even read a single word of their content are crap.

    Where's the "refund" if the content turns out to be useless?

  • pay wall? (Score:4, Insightful)

    by jonsmirl ( 114798 ) on Wednesday May 06, 2020 @09:56AM (#60028296) Homepage

    If the purpose of collecting data is to sell it to raise money to fund the development of the site, then what do they want? Are they asking for a choice on each web site that says either pay $$$ or let the site harvest your data? Large pieces of the web are funded by harvesting data. Giving you the choice of full access without harvesting or paying does not provide financial support to the web site developer.

    • Re: (Score:3, Insightful)

      Are they asking for a choice on each web site that says either pay $$$ or let the site harvest your data?

      It's a bit deeper than that: they're trying to break:

      Large pieces of the web are funded by harvesting data.

      By forcing them not to leverage for user consent thereby violating the definition of "consent," they are in turn forcing them to adopt revenue models which don't rely upon data mining of users. This, in turn, brings the web back closer to before data mining was a major thing from a financial perspective such that non-data-miners can compete on equal footing. The long-term effect would likely be data-mining disappearing as a primary revenue pipeline if t

      • Re:pay wall? (Score:5, Informative)

        by nasor ( 690345 ) on Wednesday May 06, 2020 @12:48PM (#60029072)
        They can still make money displaying adds. This might shock you, but many people were supporting websites with adds long before the advertisers started tracking everyone. Want to have your mind REALLY blown? Waaaaay back before about 1995, there was a ton of free stuff on the internet with virtually no adds at all, in total defiance of what an MBA would believe possible.
    • If the purpose of collecting data is to sell it to raise money to fund the development of the site, then what do they want?

      They want to you to find a new business model, as there's no realistic chance of convincing a sufficient number of users to give away their personal information, without forcing them to do it, tricking them into doing it, or going behind their back to collect it.

    • Exactly. And if they can't find another way to finance their website besides spying on you then fuck them.

    • They are trying to specify and make clear what an informed, specific, freely given, and withdrawable choice actually is, since it is a rather vague concept. Read through the examples in the actual document [europa.eu], they are more clear than the text itself.

      Example 1: A mobile app for photo editing asks its users to have their GPS localisation activated for the use of its services. The app also tells its users it will use the collected data for behavioural advertising purposes. Neither geolocalisation or online behavioural advertising are necessary for the provision of the photo editing service and go beyond the delivery of the core service provided. Since users cannot use the app without consenting to these purposes, the consent cannot be considered as being freely given.

      In this case, the app can not use the condition of providing location data as a reason to deny access to the app since it is not required by the app itself. Can they ask for it - Yes. If consent is granted can they process it - Yes. But they can not require it

    • by swilver ( 617741 )

      What is funded on the web using this personal data is mostly garbage ad-harvesting websites designed to grab your attention with open ended teaser questions like:

      "The X things you didn't know about Y"
      "X ways to improve Y but you're not doing"
      "Would X be better if it did Y?"

      No value will be lost if sites like those die, in fact, I think it will create value.

    • If the purpose of collecting data is to sell it to raise money to fund the development of the site, then what do they want?

      There are many ways to fund something, no need to default to data harvesting.

      Are they asking for a choice on each web site that says either pay $$$ or let the site harvest your data? Large pieces of the web are funded by harvesting data.

      Yes and yes.

      Giving you the choice of full access without harvesting or paying does not provide financial support to the web site developer.

      The developer is more than able to provide access via a login/portal if the latter is something they feel about. But you can't go put a sign in the street saying "The condition of you having read this sign is that you give me your name and carry this tracking beacon".

      • There are many ways to fund something, no need to default to data harvesting.

        Yeah, the days when advertising is required to fund the internet are over. There are so many ways to fund content these days that ad-clicks are no longer necessary.

    • EU has taken the position that making money by harvesting data is not an acceptable way to fund your website. They've pushed several out of business.
  • by gnasher719 ( 869701 ) on Wednesday May 06, 2020 @10:06AM (#60028332)
    On this time, from time to time (maybe weekly) there's a popup where I'm asked to consent to Cookies, two options "reject" and "accept" (can't remember the words), you click on "reject" and that's it. Well, it's actually what the law says, but many don't work that way. WebMD changed just recently, and for that site I felt it was more inappropriate than for others.

    Many sites still refuse access if you don't agree. MacRumors makes you go through a lengthy process, including displaying a list of advertisers that I'd need to deselect individually, plus advertisers who illegally don't let me opt out at all. ArsTechnica was worse at times.

    The correct way: One popup, with a choice "Reject", and a choice "Accept" and a choice "Configure" if they like. Anything more than a single click to use the site without cookies is illegal.
  • by Megol ( 3135005 ) on Wednesday May 06, 2020 @10:19AM (#60028378)

    Cookies are required for many sites to function at all and I'm honoring the /. tradition of not reading the linked article...

    • My understanding is it only applies to tracking cookies. Session cookies and those used to preserve app state (such as the fact you clicked "no cookie") are exempt.

    • Cookies are required for many sites to function at all and I'm honoring the /. tradition of not reading the linked article...

      The GDPR and the previous privacy laws have never covered cookies essential to the function of the site.

      • by green1 ( 322787 )

        I just wish there was at least one website developer out there that realized this, because it seems every single site has a cookie popup, regardless of what types of cookies they use (and funilly enough, regardless of what countries they're even accessible in!)

  • Can someone explain why it is so difficult to block these tracking cookies?

    When I visit slashdot.org, I login and get a cookie for slashdot.org. That's pretty much the only legitimate usage for a cookie. When slashdot.org displays a banner ad from adtracker.com, let them set their tracking cookie, that's fine. The problem only arises when I visit news123.com and they also display a banner ad from adtracker.com. They want to read the cookie they got from slashdot.org. Just don't let them. Make that anot

    • by amorsen ( 7485 )

      How will you implement that? Will adtracker.com end up setting different cookies for apple.slashdot.org and tech.slashdot.org?

      This breaks the whole point of third party cookies. If you accept that third party cookies are illegitimate and should be broken, just go into Firefox options and tell Firefox not to accept third party cookies.

      Your proposal achieves the same but with new complicated code having to be written.

      (For the record, I think that third party cookies are illegitimate and should be broken, so i

      • by MobyDisk ( 75490 )

        How will you implement that? Will adtracker.com end up setting different cookies for apple.slashdot.org and tech.slashdot.org?

        Yes, that's exactly what I want to do.

        This breaks the whole point of third party cookies. If you accept that third party cookies are illegitimate and should be broken, just go into Firefox options and tell Firefox not to accept third party cookies.

        My proposal is different from not accepting the cookies. If you do that, then the Javascript on the page detects it, and displays popups telling you to re-enable it.

        After posting this, I found that there are proposals [cookie-script.com] to do exactly this, but they seem to be watered down and require the web site to request this form of cookies rather than the browser doing it.

  • Comment removed (Score:4, Informative)

    by account_deleted ( 4530225 ) on Wednesday May 06, 2020 @10:27AM (#60028410)
    Comment removed based on user account deletion
    • BTW regardless of any EU legislation, cookie blocking is what popular browsers like Firefox or extensions like uBlock Origin and Privacy Badger do automatically for you.

      Some sites refuse to work if you block cookies. I suppose these tools could be modified to supply fake cookies?

    • ...cookie blocking is what popular browsers like Firefox or extensions like uBlock Origin and Privacy Badger do automatically for you.

      Unfortunately, blocking cookies creates a problem whereby it's sometimes impossible to dismiss those cookie/consent dialog boxes because even the "no" answer doesn't get saved. One is stuck having part of the screen blocked, or the entire site becomes inaccessible if it uses a full-page modal consent dialog.

  • by spikenerd ( 642677 ) on Wednesday May 06, 2020 @10:54AM (#60028524)
    Web-sites will just make cookies required for an "improved experience", and the difference will be ...well, non-trivial.
    • No you don't. Claiming that a user being tracked improves experience doesn't withstand legal scrutiny in the EU. I mean you can try it, just don't come crying back when you get screwed by the laws. No need for technical people to get involved, the lawyers are more than capable of handing you some lube.

  • Sounds like they are saying anything goes.

    If you don't have the wall, then they're just going to take it.

    Some guy in Brussels just felt aggrieved for having to click on something without realizing their zealous data protection body caused this mess.
  • Back when we read printed newspapers, we tolerated ads just fine. But those printed ads didn't track you, use your computing resources to mine bitcoins, and play animated videos. Advertising is fine, just not in the current form. We understand that journalism and publishing cost money, and we are fine to pay for it by ads. And we can't legislate away advertising under the guise of protecting our data. We need to either put up or shut-up here: either pay for your news (I subscribe to The Guardian) or new

  • by WillAffleckUW ( 858324 ) on Wednesday May 06, 2020 @12:48PM (#60029070) Homepage Journal

    The Right of Privacy is a guaranteed right in the Canadian Constitution and can not be given away or obscured through such means, and any Canadian Citizen or Canadian Resident (in Canada or territories) has this Right.

    it can't be subsumed by "you must accept this cookie" legal fake language.

Put your Nose to the Grindstone! -- Amalgamated Plastic Surgeons and Toolmakers, Ltd.

Working...