
332 points vegasbrianc | 8 comments
diggan ◴[] No.42141994[source]
Correct URL: https://legiscope.com/blog/hidden-productivity-drain-cookie-...

> This situation calls for an urgent revision of the ePrivacy Directive

Shame companies cannot live without tracking cookies, and shame that the blame somehow ends up on the regulation, rather than the companies who are the ones who introduce this cookie banner and "massive productivity loss".

You know the best way of not having to put up cookie banners on your website? Don't store PII in cookies. You know the best way of not having to care about GDPR? Don't store PII.

replies(5): >>42142003 #>>42142011 #>>42142019 #>>42142081 #>>42142098 #
Alupis ◴[] No.42142081[source]
> Shame companies cannot live without tracking cookies

Most cookies are entirely benign. Many cookies (or something like a cookie) are required for a website to operate normally. The EU law, while well-intentioned, was/is too broad and failed to understand the realities of operating websites. This regulation has caused the entire world to be annoyed with useless cookie banners that 99% of people just reflexively click through - just like all of California's Prop65 warnings are ignored today.

> Don't store PII.

These hard-line statements defy reality. Many websites have legitimate need to store PII.

> You know the best way of not having to care about GDPR?

Don't be in the EU?

Just ignore it. There are no consequences. If you don't have physical presence within the EU - there's little-to-zero the EU can do about it. The EU can think its laws apply to the world all it wants - but the world disagrees.

replies(2): >>42142125 #>>42142131 #
whstl ◴[] No.42142125[source]
> Many cookies (or something like a cookie) are required for a website to operate normally

"Essential Cookies" do not need a consent banner.

Case in point: Hacker News is 100% compliant AFAIK and has no banner.

> Many websites have legitimate need to store PII.

If there is actual legitimate interest or legal requirements, such as collecting an address for delivering a package or performing fraud-prevention, there is also no need for cookie banners.

replies(1): >>42142350 #
1. Alupis ◴[] No.42142350[source]
And if that data is "transferred" to a 3rd party for that analysis (aka. a REST call into their API) then you are back to requiring these annoying banners.

Or, more common for ecommerce, "transferred" into an advertising algorithm so the business can gain more similar customers. Oh the horror!

replies(1): >>42142409 #
2. whstl ◴[] No.42142409[source]
What does "for that analysis" refer to? Fraud prevention?

If so, it is legitimate interest to do fraud prevention, so there's no need for a consent banner, first or third-party. Naturally you can't go and use this data for a purpose that has no basis under legitimate interest.

Another example: Cloudflare is running DDoS prevention under our noses here at HN, for example, but there's no need to ask for consent, even though Cloudflare is a third-party. Why? Because this is considered legitimate interest.

> Or, more common for ecommerce, "transferred" into an advertising algorithm so the business can gain more similar customers

For this you do need consent, if you transfer PII. If you don't want a banner you can replace it with a simple checkbox during the checkout process. Not only less hostile, but also more transparent than a banner.

replies(1): >>42142532 #
3. Alupis ◴[] No.42142532[source]
> What does "for that analysis"

To understand how customers shop on my website. Heatmaps, view port, device type, screen resolution, frequency of browsing, where their mouse hovers the most, page dwell time, etc.

These are impossible tasks for most website operators to do themselves.

> For this you do need consent, if you transfer PII. If you don't want a banner you can replace it with a simple checkbox during the checkout process. Not only less hostile, but also more transparent than a banner.

Or... you can just ignore the EU because the EU doesn't matter. You know, like I originally asserted?

> If you don't want a banner you can replace it with a simple checkbox during the checkout process

This is the sort of mindset that crafted this poorly designed regulation in the first place. Most website operators are not going to willingly add a barrier at the final step of a conversion.

If you are going to use my property and resources - it's my rules or don't come. Pretty simple...

replies(3): >>42142862 #>>42142916 #>>42148547 #
4. ◴[] No.42142862{3}[source]
5. whstl ◴[] No.42142916{3}[source]
You don't need banners just because something is third-party. If there is no PII and/or legitimate consent, you don't need a banner. There are GDPR compliant analytics platforms, fraud prevention, third-party payment gateways, for example. They don't need banners.

As for the rest, it's quite inflammatory and I don't know how it relates to my comment, so I'll refrain from answering.

replies(1): >>42143804 #
6. what ◴[] No.42143804{4}[source]
You don’t need banners period. The EU doesn’t get to tell people how to operate their web properties. If EU citizens don’t like it, they can stop visiting those properties. Even simpler.
replies(1): >>42144048 #
7. tbrownaw ◴[] No.42144048{5}[source]
> The EU doesn’t get to tell people how to operate their web properties.

Well, except for all the people in the EU. I'm pretty sure the EU does get to tell those people to do or not do things, online or not.

8. immibis ◴[] No.42148547{3}[source]
> Heatmaps, view port, device type, screen resolution, frequency of browsing, where their mouse hovers the most, page dwell time, etc.

Sounds like information that is not personally identifying - if handled well.