←back to thread

Analysis of economic and productivity losses caused by cookie banners in Europe

(legiscope.com)
332 points vegasbrianc | 3 comments | 14 Nov 24 22:23 UTC | HN request time: 0.42s | source
Show context
diggan ◴[14 Nov 24 22:43 UTC] No.42141994[source]
Correct URL: https://legiscope.com/blog/hidden-productivity-drain-cookie-...

> This situation calls for an urgent revision of the ePrivacy Directive

Shame companies cannot live without tracking cookies, and shame that the blame somehow end up on the regulation, rather than the companies who are the ones who introduce this cookie banner and "massive productivity loss".

You know the best way of not having to put up cookie banners on your website? Don't store PII in cookies. You know the best way of not having to care about GDPR? Don't store PII.

replies(5): >>42142003 #>>42142011 #>>42142019 #>>42142081 #>>42142098 #
JumpCrisscross ◴[14 Nov 24 22:45 UTC] No.42142011[source]
> shame that the blame somehow end up on the regulation, rather than the companies who are the ones who introduce this cookie banner and "massive productivity loss"

You can wish upon a star that humans weren’t the way we are. In the real world, this was a predictable response to a stupid rule. (And in some cases a necessary one. For example, for websites requiring a login or reliant on ads.)

> know the best way of not having to care about GDPR? Don't store PII

This is a nothing to hide argument [1]. Proving compliance with GDPR is tedious and expensive even if you’re fully compliant. (Proving no jurisdiction is easier.)

[1] https://en.m.wikipedia.org/wiki/Nothing_to_hide_argument

replies(2): >>42142036 #>>42142159 #
diggan ◴[14 Nov 24 22:47 UTC] No.42142036[source]
> this was a predictable response to a stupid rule

It was predictable that ultimately people would blame the regulation instead of the companies? Not sure I understand what you mean, and even if you meant what I think you meant, not sure what the point is? People blame all sorts of things all the time...

Edit since you've added more to your comment

> Proving compliance with GDPR is tedious

That's my point. No need to prove compliance if GDPR doesn't apply.

replies(2): >>42142042 #>>42142054 #
JumpCrisscross ◴[14 Nov 24 22:49 UTC] No.42142054[source]
> predictable that ultimately people would blame the regulation instead of the companies

It was predictable this would result in disclosure/consent spam.

> No need to prove compliance if GDPR doesn't apply

If you are in the EU, GDPR applies. It may not be relevant. But you’re subject to it and its regulatory arms. (And if you have a competitor in the EU, it’s known practice you can waste time and money with requests and complaints.)

Both laws’ aims are noble. But they require tweaks. Starting with the cookie banners would be smart.

replies(1): >>42142097 #
1. diggan ◴[14 Nov 24 22:53 UTC] No.42142097[source]
> If you are in the EU, GDPR applies. It may not be relevant. But you’re subject to it and its regulatory arms.

I think you might be missing that I'm talking about this from the companies perspective, not from the perspective of a person inside EU.

If the company doesn't store any "personal data", GDPR has nothing to do with it. It's strictly about "personal data" as defined here: https://gdpr.eu/article-4-definitions/

> (And if you have a competitor in the EU, it’s known practice you can waste time and money with requests and complaints.)

Happen to have any quotes/sources for this? Would be the first time I've come across it myself. I'm genuinely interested in if it's being misused like that.

replies(2): >>42142298 #>>42143231 #
2. JumpCrisscross ◴[14 Nov 24 23:15 UTC] No.42142298[source]
> If the company doesn't store any "personal data", GDPR has nothing to do with it. It's strictly about "personal data"

You’re still obligated to respond to requests, even if it’s no response. And data regulators will still follow up on groundless complaints.

DMCA is strictly about copyright violation. If you’re not violating copyrights it should have nothing to do with you. But that isn’t how things play out in reality.

> have any quotes/sources for this?

No, just anecdotal. Every Magic Circle firm, however, will happily file complaints in multiple jurisdictions for you.

I’ll admit I’ve used GDPR a touch vindictively after a customer service interaction went poorly. Lots of requests, wait for a minor fuck-up, escalate to multiple data regulators because I technically have multiple nexuses. European equivalent of copying your state AG on a letter, except the burden to respond is on the company.

3. kasey_junk ◴[15 Nov 24 01:49 UTC] No.42143231[source]
I built a GDPR request deletion system for a company right as GDPR came into effect. In the first year the only requests that came in were from privacy advocates and competitors.

I don’t know if after that it saw more natural usage but I doubt it.