Jan Wildeboer π·
Tech bros love to whine about "The EU cookie policy" that simply doesn't exist the way they imagine it. All these popups are the most radical way to interpret the explicit consent demanded by regulations when sending data to a 3rd party or collecting personal data by the site itself. An ongoing provocation by the ad/tracker industry to blame their ruthless data hoarding on the EU.
Every time you see such a cookie consent pop-up, you know you are on a website that has accepted to share your data with some data collecting entity. That they are willing to hand over parts of the page content to be filled by a 3rd party. And allow that 3rd party to aggregate and sell their visitors data to the highest bidder. So stop blaming "the EU" and ask yourself if this is the internet we want.
The ad/tracker "industry" used the same tactics to ruin the DNT (Do Not Track) flag that we had years ago. Because they simply don't WANT to give users an option to just say no. And they have convinced their customers that "enhancing" the web with these popups is the only acceptable way to work. And these customers just accept that.
To make this very clear: user/visitor consent is only needed for data typically going to 3rd parties. All cookie laws, including GDPR and CCPA, allow essential first-party cookies to be exempt from collecting user consent before performing their actions. So the simple, non-persistent session cookie on your site DOES NOT need a consent popup AT ALL. Regardless of what the ad/tracker "industry" tries to insinuate.
And finally: This is all IMHO. My personal frustration. The web wasn't created to be an invasive data collection engine in the hands of a few. It became what it is for many reasons. But it doesn't have to stay that way. Do your little part. Create static pages whenever that's sufficient. Resist including external scripts/tracker stuff. We can return to a #BetterWeb :) Yes, I am that optimistic!
OK. Some more clarifications now that this thread has hit Hacker News. For cookies under GDPR consent is needed for the "not strictly necessary" ones. This typically means all 3rd party (tracking) cookies that are not strictly needed for the website to work. 1/n
Strictly necessary cookies, like simple session cookies that are valid until the end of the session and used e.g. to store/refernce form inputs ARE exempted. This typically boils down to 1st party cookies. BUT. If you store not strictly necessary information in that same or another 1st party cookie, consent is needed. 2/n
If you use technologies like analytics and DO NOT store individual information about the data subject (GDPR lingo for user/visitor) like IP address you again are exempted. 3/n
Does this sound complicated? Yes. But not that much, IMHO. Whenever you store information that contains PD (Personal Data) that is not strictly necessary for your site to work, you need consent.. BUT that does NOT mean these gargantuan popups with a gazillion of options the ad/tracking "industry" forces upon us. A simple yes/no is sufficient and actually mandated. 4/n
UPDATE: changed PII (personally identifiable information) to PD (Personal data) as in GDPR PD is the context.
A good example: https://european-union.europa.eu/index_en A non-intrusive bar at the bottom with a clear choice. That doesn't block using the site (until you agree, the site treats you as if you have not agreed. Simple). With a link to clearly written explanation.
And if you really care about the basics: this document from 2012(!) explains in quite a lot of detail which cookies are exempted and which are not: https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf
Frost, wolf of winter πΊπ
@jwildeboer The clear decline button is something we don't often see!
And then there's those companies that go "ah, yes, linking your different devices together is an Essential Thing!" *growls*
Alan Fuller@jwildeboer I agree, it isn't actually that hard for many websites to comply without an annoying popup.
Marcus Bointon@alan @jwildeboer more than that - by default all straightforward sites are compliant, at zero cost and effort. They then go out of their way to spend dev $$$ to add shitty tracking, and then complain about the cost effort required to remove it. Somehow the adtech industry has managed to convince people that the second step is required, when itβs entirely unnecessary.
@Synchro @jwildeboer you really mean Google Analytics don't you, which probably 99% of websites have installed and 99% of the website owners have no idea how to use the information it captures.
Niclas Hedhman@jwildeboer
Every now and then I check the list of "3rd parties" (with the silly option to on/off each one individually) and the list exceeded 300 companies.
But isn't it also that outside EU, there is no "cookies popup", or?
The current situation is insane, and I don't understand why almost no one cares about it.
@jwildeboer This is all really good to know, thanks!
ploum@jwildeboer : those gargantuan popups are all done by the same joint-venture which was founded with the intent of making it more complex for users to refuse tracking than to accept it.
According to some recent belgian judgment, those famous gargantuan popups are *not* GDPR compliant.
So this is illegal pro-tracking lobbies propaganda. But they managed to instill in people mind the idea that itβs EU fault. There are adverstisers, lying is their profession after allβ¦
https://www.linkedin.com/pulse/truth-behind-cookie-banners-alexander-hanff-cipp-e-cipt-fip-/
The truth behind cookie banners
Given all of the soundbites coming out of the UK over the past couple of weeks in relation to Cookie Banners - I decided it is time that someone told the truth about the history which led us to this point. First and foremost, what qualifies me to comment on these issues? The answer to that is really