Most active commenters
  • randomdata(4)
  • secondcoming(3)

←back to thread

Analysis of economic and productivity losses caused by cookie banners in Europe

(legiscope.com)
332 points vegasbrianc | 15 comments | 14 Nov 24 22:23 UTC | HN request time: 0.211s | source | bottom
Show context
uniqueuid ◴[15 Nov 24 08:34 UTC] No.42144954[source]
I am kind of frustrated by the widespread misunderstandings in this thread.

Laws are best when they are abstract, so that there is no need for frequent updates and they adapt to changing realities. The European "cookie law" does not mandate cookie banners, it mandates informed consent. Companies choose to implement that as a banner.

There is no doubt that the goals set by the law are sensible. It is also not evident that losing time over privacy is so horrible. In fact, when designing a law that enhances consumer rights through informed consent, it is inevitable that this imposes additional time spent on thinking, considering and acting.

It's the whole point, folks! You cannot have an informed case-by-case decision without spending time.

replies(16): >>42145020 #>>42145131 #>>42145155 #>>42145209 #>>42145333 #>>42145656 #>>42145815 #>>42145852 #>>42146272 #>>42146629 #>>42147195 #>>42147452 #>>42147781 #>>42148046 #>>42148053 #>>42150487 #
1. pickledoyster ◴[15 Nov 24 09:42 UTC] No.42145333[source]
Yes. It's not the regulation but the misguided implementation that's to blame.

Sites and cookie banner plugins could just accept DNT signals from browsers and no productivity would be lost.

replies(2): >>42145475 #>>42146292 #
2. randomdata ◴[15 Nov 24 10:08 UTC] No.42145475[source]
DNT does not provide informed consent. It may, if set to not track, imply denial, but the reverse is not true. If DNT is accepting or unset, the site needs to fall back to the banner to get consent. And at that point you may as well prompt everyone with the banner instead of complicating the codebase with extra logic for a DNT edge case.
replies(3): >>42145575 #>>42146222 #>>42149038 #
3. ben_w ◴[15 Nov 24 10:30 UTC] No.42145575[source]
Mm.

For existing privacy options — location, microphone, camera — Safari on iOS has the options of "ask"/"deny"/"allow".

I wouldn't be surprised by legislation for a Do Not Track option in DMA designed Gatekeepers' browsers, defaulting to "ask", where all three options must be handled accordingly by websites.

"Ask" would also have to be the default behaviour when no preference is transmitted.

replies(1): >>42145671 #
4. randomdata ◴[15 Nov 24 10:45 UTC] No.42145671{3}[source]
Again, as the law in question requires informed consent, "allow" and "ask" end up being the same thing. A new DNT law as you propose would contradict the other law of which we speak.
replies(1): >>42146322 #
5. account42 ◴[15 Nov 24 12:17 UTC] No.42146222[source]
I doubt there would be any concerns with "complicating the codebase" (really?) if there was a Yes-Track header that gave consent but no negative signal.
replies(1): >>42147633 #
6. secondcoming ◴[15 Nov 24 12:29 UTC] No.42146292[source]
There is a new signal, GPC, that does the same thing and has been blessed by the advertising industry.

[0] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Se...

replies(1): >>42146519 #
7. Ntrails ◴[15 Nov 24 12:34 UTC] No.42146322{4}[source]
Informed generalised denial could be accepted and no cookie banner shown surely?

In much the same way no banner is required if no cookie is being set.

8. JimDabell ◴[15 Nov 24 13:02 UTC] No.42146519[source]
> Non-standard: This feature is non-standard and is not on a standards track. Do not use it on production sites facing the Web: it will not work for every user. There may also be large incompatibilities between implementations and the behavior may change in the future.

I tried looking at the various browser standards positions, and as far as I can see, nobody has even asked Blink or WebKit if they are interested in supporting it. Is there any movement on this at all? The official website says that it’s part of “several major browsers”, but this seems dishonest when the biggest browser that supports it is Firefox with ~2.5% market share and no actual major browser seems to be aware of its existence.

replies(1): >>42149106 #
9. randomdata ◴[15 Nov 24 15:15 UTC] No.42147633{3}[source]
There is a "Yes-Track" header – DNT: 0

Granted, you can't legally use it like that where EU laws apply, per the GDPR. Hence the complaints about the GDPR you see in other comments.

replies(1): >>42149132 #
10. ◴[15 Nov 24 17:38 UTC] No.42149038[source]
11. secondcoming ◴[15 Nov 24 17:43 UTC] No.42149106{3}[source]
There's movement from the Internet Advertising Bureau, they explicitly say that this signal must be adhered to if the header is present, and this signal must be forwarded to Demand Side Platforms.
replies(1): >>42149393 #
12. smolder ◴[15 Nov 24 17:45 UTC] No.42149132{4}[source]
It's not really a Yes Track if it's simply absent. The user hasn't requested to be tracked. I'm not even sure with it set to 0 that you can assume that intent. I guess it would depend on the browsers behavior, but as you say the law is not compatible with that use.
replies(1): >>42149603 #
13. JimDabell ◴[15 Nov 24 18:10 UTC] No.42149393{4}[source]
I mean is there any movement in getting major browsers to adopt this?

Normally when a spec. like this is written that needs adoption from web browsers, an explainer is written and then the major rendering engines are asked for their feedback. For instance, here’s an explainer:

https://github.com/krgovind/first-party-sets

Here’s where WebKit was asked for their position on it:

https://github.com/WebKit/standards-positions/issues/93

Here’s where Mozilla was asked for their position on it:

https://github.com/mozilla/standards-positions/issues/350

Here’s the process Blink goes through to get a new feature like this going:

https://www.chromium.org/blink/launching-features/

I tried to find where this was done for GPC and couldn’t find anything. Did they just write a spec. and not bother doing any of the work involved in getting it adopted? Or is there progress being made that I didn’t see? Hence my question: Is there any movement on this at all? Or is the process of getting it adopted by Blink and WebKit at absolute zero?

replies(1): >>42150778 #
14. randomdata ◴[15 Nov 24 18:37 UTC] No.42149603{5}[source]
According to the specification,

DNT: 0 = Yes, track me.

DNT: 1 = No, do not track me.

> I'm not even sure with it set to 0 that you can assume that intent.

That's the problem. Someone not paying attention might inadvertently set DNT: 0, which is why the law is written the way it is. But at the same time we have techies who knowingly and carefully set such values and want the service to acknowledge it, contrary to the law. Hence the contention.

15. secondcoming ◴[15 Nov 24 20:43 UTC] No.42150778{5}[source]
I have no idea about browser adoption. I’m just aware of adtech’s requirements around it.