Jan Wildeboer π·
Tech bros love to whine about "The EU cookie policy" that simply doesn't exist the way they imagine it. All these popups are the most radical way to interpret the explicit consent demanded by regulations when sending data to a 3rd party or collecting personal data by the site itself. An ongoing provocation by the ad/tracker industry to blame their ruthless data hoarding on the EU.
Every time you see such a cookie consent pop-up, you know you are on a website that has accepted to share your data with some data collecting entity. That they are willing to hand over parts of the page content to be filled by a 3rd party. And allow that 3rd party to aggregate and sell their visitors data to the highest bidder. So stop blaming "the EU" and ask yourself if this is the internet we want.
The ad/tracker "industry" used the same tactics to ruin the DNT (Do Not Track) flag that we had years ago. Because they simply don't WANT to give users an option to just say no. And they have convinced their customers that "enhancing" the web with these popups is the only acceptable way to work. And these customers just accept that.
To make this very clear: user/visitor consent is only needed for data typically going to 3rd parties. All cookie laws, including GDPR and CCPA, allow essential first-party cookies to be exempt from collecting user consent before performing their actions. So the simple, non-persistent session cookie on your site DOES NOT need a consent popup AT ALL. Regardless of what the ad/tracker "industry" tries to insinuate.
And finally: This is all IMHO. My personal frustration. The web wasn't created to be an invasive data collection engine in the hands of a few. It became what it is for many reasons. But it doesn't have to stay that way. Do your little part. Create static pages whenever that's sufficient. Resist including external scripts/tracker stuff. We can return to a #BetterWeb :) Yes, I am that optimistic!
OK. Some more clarifications now that this thread has hit Hacker News. For cookies under GDPR consent is needed for the "not strictly necessary" ones. This typically means all 3rd party (tracking) cookies that are not strictly needed for the website to work. 1/n
Strictly necessary cookies, like simple session cookies that are valid until the end of the session and used e.g. to store/refernce form inputs ARE exempted. This typically boils down to 1st party cookies. BUT. If you store not strictly necessary information in that same or another 1st party cookie, consent is needed. 2/n
If you use technologies like analytics and DO NOT store individual information about the data subject (GDPR lingo for user/visitor) like IP address you again are exempted. 3/n
Does this sound complicated? Yes. But not that much, IMHO. Whenever you store information that contains PD (Personal Data) that is not strictly necessary for your site to work, you need consent.. BUT that does NOT mean these gargantuan popups with a gazillion of options the ad/tracking "industry" forces upon us. A simple yes/no is sufficient and actually mandated. 4/n
UPDATE: changed PII (personally identifiable information) to PD (Personal data) as in GDPR PD is the context.
A good example: https://european-union.europa.eu/index_en A non-intrusive bar at the bottom with a clear choice. That doesn't block using the site (until you agree, the site treats you as if you have not agreed. Simple). With a link to clearly written explanation.
Frost, wolf of winter πΊπ
@jwildeboer The clear decline button is something we don't often see!
And then there's those companies that go "ah, yes, linking your different devices together is an Essential Thing!" *growls*