←back to thread

332 points vegasbrianc | 9 comments | | HN request time: 1.267s | source | bottom
Show context
uniqueuid ◴[] No.42144954[source]
I am kind of frustrated by the widespread misunderstandings in this thread.

Laws are best when they are abstract, so that there is no need for frequent updates and they adapt to changing realities. The European "cookie law" does not mandate cookie banners, it mandates informed consent. Companies choose to implement that as a banner.

There is no doubt that the goals set by the law are sensible. It is also not evident that losing time over privacy is so horrible. In fact, when designing a law that enhances consumer rights through informed consent, it is inevitable that this imposes additional time spent on thinking, considering and acting.

It's the whole point, folks! You cannot have an informed case-by-case decision without spending time.

replies(16): >>42145020 #>>42145131 #>>42145155 #>>42145209 #>>42145333 #>>42145656 #>>42145815 #>>42145852 #>>42146272 #>>42146629 #>>42147195 #>>42147452 #>>42147781 #>>42148046 #>>42148053 #>>42150487 #
pickledoyster ◴[] No.42145333[source]
Yes. It's not the regulation but the misguided implementation that's to blame.

Sites and cookie banner plugins could just accept DNT signals from browsers and no productivity would be lost.

replies(2): >>42145475 #>>42146292 #
1. randomdata ◴[] No.42145475[source]
DNT does not provide informed consent. It may, if set to not track, imply denial, but the reverse is not true. If DNT is accepting or unset, the site needs to fall back to the banner to get consent. And at that point you may as well prompt everyone with the banner instead of complicating the codebase with extra logic for a DNT edge case.
replies(3): >>42145575 #>>42146222 #>>42149038 #
2. ben_w ◴[] No.42145575[source]
Mm.

For existing privacy options — location, microphone, camera — Safari on iOS has the options of "ask"/"deny"/"allow".

I wouldn't be surprised by legislation for a Do Not Track option in DMA designed Gatekeepers' browsers, defaulting to "ask", where all three options must be handled accordingly by websites.

"Ask" would also have to be the default behaviour when no preference is transmitted.

replies(1): >>42145671 #
3. randomdata ◴[] No.42145671[source]
Again, as the law in question requires informed consent, "allow" and "ask" end up being the same thing. A new DNT law as you propose would contradict the other law of which we speak.
replies(1): >>42146322 #
4. account42 ◴[] No.42146222[source]
I doubt there would be any concerns with "complicating the codebase" (really?) if there was a Yes-Track header that gave consent but no negative signal.
replies(1): >>42147633 #
5. Ntrails ◴[] No.42146322{3}[source]
Informed generalised denial could be accepted and no cookie banner shown surely?

In much the same way no banner is required if no cookie is being set.

6. randomdata ◴[] No.42147633[source]
There is a "Yes-Track" header – DNT: 0

Granted, you can't legally use it like that where EU laws apply, per the GDPR. Hence the complaints about the GDPR you see in other comments.

replies(1): >>42149132 #
7. ◴[] No.42149038[source]
8. smolder ◴[] No.42149132{3}[source]
It's not really a Yes Track if it's simply absent. The user hasn't requested to be tracked. I'm not even sure with it set to 0 that you can assume that intent. I guess it would depend on the browsers behavior, but as you say the law is not compatible with that use.
replies(1): >>42149603 #
9. randomdata ◴[] No.42149603{4}[source]
According to the specification,

DNT: 0 = Yes, track me.

DNT: 1 = No, do not track me.

> I'm not even sure with it set to 0 that you can assume that intent.

That's the problem. Someone not paying attention might inadvertently set DNT: 0, which is why the law is written the way it is. But at the same time we have techies who knowingly and carefully set such values and want the service to acknowledge it, contrary to the law. Hence the contention.