←back to thread

332 points vegasbrianc | 5 comments | | HN request time: 0.69s | source
Show context
uniqueuid ◴[] No.42144954[source]
I am kind of frustrated by the widespread misunderstandings in this thread.

Laws are best when they are abstract, so that there is no need for frequent updates and they adapt to changing realities. The European "cookie law" does not mandate cookie banners, it mandates informed consent. Companies choose to implement that as a banner.

There is no doubt that the goals set by the law are sensible. It is also not evident that losing time over privacy is so horrible. In fact, when designing a law that enhances consumer rights through informed consent, it is inevitable that this imposes additional time spent on thinking, considering and acting.

It's the whole point, folks! You cannot have an informed case-by-case decision without spending time.

replies(16): >>42145020 #>>42145131 #>>42145155 #>>42145209 #>>42145333 #>>42145656 #>>42145815 #>>42145852 #>>42146272 #>>42146629 #>>42147195 #>>42147452 #>>42147781 #>>42148046 #>>42148053 #>>42150487 #
mpeg ◴[] No.42145020[source]
What I find funny about the whole thing is that the grand majority of companies with cookie banners are not implementing them correctly, and therefore are still in breach of the law.

I see constantly banners on sites that set tracking cookies by default, and delete them if you reject them in the banner (or even worse, not delete them at all!) – this is not compliant as the cookies were set before consent was given

Also see banners where there is only a big "OK" button, with no visible option to reject, this is also not compliant!

replies(5): >>42145538 #>>42146028 #>>42147215 #>>42147228 #>>42150714 #
1. sourcecodeplz ◴[] No.42147215[source]
Look at how Google does it for Blogger. There is an OK button and a "Learn more" one. There is no reject. Are you saying they are breaking the law? EU would love nothing more than to levy more fines.
replies(4): >>42147234 #>>42149123 #>>42149807 #>>42151826 #
2. actionfromafar ◴[] No.42147234[source]
I always assumed they were and are breaking the law.
3. MagnumOpus ◴[] No.42149123[source]
They are breaking the law. But enforcement lies with national agencies (unlike antitrust where the EU commission itself enforces). Most national agencies don’t bother, only the French CNIL had levied penalties - pretty much on every one of the big ad tech companies in the Faamgs, Bytedance and Twitter…
4. atoav ◴[] No.42149807[source]
Yes.

GDPR says on Consent:

> The basic requirements for the effectiveness of a valid legal consent are defined in Article 7 and specified further in recital 32 of the GDPR. Consent must be freely given, specific, informed and unambiguous. In order to obtain freely given consent, it must be given on a voluntary basis. The element “free” implies a real choice by the data subject. Any element of inappropriate pressure or influence which could affect the outcome of that choice renders the consent invalid.

Pretty clear, isn't it?

There have been subsequent rulings stating that not giving a equally styled no/reject option or letting people choose between one yes option and thousand separate no options is already a influence that nullifies consent.

Also specific means you can't just tell them you have to use a cookie for technical reasons and use it for tracking later — they might have given you consent for that cookie for the purpose you told them about, not for the purpose of tracking.

All kinds of actors try to bend the rules here, while the rules are verh clear.

5. eitland ◴[] No.42151826[source]
> EU would love nothing more than to levy more fines.

They aren't paying attention then.

The market abuse that has allowed Chrome to become as dominant as it is has been a lot worse than what Microsoft did with IE.