←back to thread

332 points vegasbrianc | 4 comments | | HN request time: 0s | source
Show context
ryandrake ◴[] No.42142148[source]
People blame the cookie banners themselves or the legislation that "made them necessary" but somehow never seem to blame the web companies for doing the naughty things on their websites that make them subject to the law.

The "cookie banner problem" exists because it's primarily end users that are shouldering the burden of them, and not the companies. For the company, it's a one time JIRA ticket for a junior software engineer to code up a banner. For everyone else, it's thousands of wasted seconds per year. Make the law hit companies where it hurts: their balance sheets.

replies(11): >>42142202 #>>42142212 #>>42142251 #>>42142326 #>>42142345 #>>42142452 #>>42142625 #>>42143095 #>>42143203 #>>42144003 #>>42144503 #
legitster ◴[] No.42142202[source]
> never seem to blame the web companies for doing the naughty things on their websites

Part of the problem is that the law didn't seek to distinguish between tame first-party cookies and the really naughty third-party cookies so the burden is equal regardless of how malicious the service is.

> For the company, it's a one time JIRA ticket for a junior software engineer to code up a banner.

This is actually not true. There's a lot more that goes into a cookie banner than you might realize, and there's now an industry dominated by a small handful of players (Osano vs OneTrust)

replies(7): >>42142217 #>>42142245 #>>42142273 #>>42142291 #>>42142347 #>>42142352 #>>42150500 #
ffsm8 ◴[] No.42142245[source]
It did though? You don't need a banner for actually legitimate use (session Cookie, settings, etc)

The things they're calling legitimate use just isn't, which is why they need banners.

replies(2): >>42142265 #>>42142396 #
diggan ◴[] No.42142265[source]
I keep seeing this misinformation going around, and it has been going around since almost day 1 of when the directive became known. I'm not sure where it's coming from, or who initially thought it worked like that, but judging by the comments in this submission it seems like a ton of people are very misinformed about how these things actually work.
replies(2): >>42142355 #>>42142383 #
azinman2 ◴[] No.42142355[source]
So how to these things actually work?
replies(1): >>42142520 #
1. 6510 ◴[] No.42142520{3}[source]
Anything goes as long as it is useful for the user.

Funny example: If they chose not to accept your spying cookies you get to set a cookie to store that choice.

replies(1): >>42143302 #
2. dkarras ◴[] No.42143302[source]
Someone might think: surely seeing ads targeted for them instead of random ads must be useful / beneficial for the user!
replies(1): >>42145260 #
3. hnbad ◴[] No.42145260[source]
The first step is data minimization. The second step is informed and revokable consent. Everything else follows from there.

Do targeted ads increase the amount of personal data that needs to be stored and processed and the number of entities that will access it? Yes they do. Are they required for the site to serve its stated purpose? No, unless the site is marketing itself as literally a curated stream of targeted ads. So they require informed and revokable consent (i.e. opt-in). Even if you think they're beneficial to the user.

It's not about what's beneficial. It's about what's required. That's why most sites try to group services by categories like "functional", "analytics", etc. If you want to embed a Google Maps view to help people find your physical store, that's beneficial but still requires consent because it shares their data with a third party (i.e. Google) when the browser loads that map. Of course in this case you don't even need a banner, you could just have a placeholder (often called "content blocker") instead of the map with the option to consent to loading the map and storing that decision so the user doesn't have to see the placeholder again.

replies(1): >>42146698 #
4. 6510 ◴[] No.42146698{3}[source]
I think you could also link to google maps.