←back to thread

Analysis of economic and productivity losses caused by cookie banners in Europe

(legiscope.com)
332 points vegasbrianc | 3 comments | 14 Nov 24 22:23 UTC | HN request time: 0.001s | source
Show context
uniqueuid ◴[15 Nov 24 08:34 UTC] No.42144954[source]
I am kind of frustrated by the widespread misunderstandings in this thread.

Laws are best when they are abstract, so that there is no need for frequent updates and they adapt to changing realities. The European "cookie law" does not mandate cookie banners, it mandates informed consent. Companies choose to implement that as a banner.

There is no doubt that the goals set by the law are sensible. It is also not evident that losing time over privacy is so horrible. In fact, when designing a law that enhances consumer rights through informed consent, it is inevitable that this imposes additional time spent on thinking, considering and acting.

It's the whole point, folks! You cannot have an informed case-by-case decision without spending time.

replies(16): >>42145020 #>>42145131 #>>42145155 #>>42145209 #>>42145333 #>>42145656 #>>42145815 #>>42145852 #>>42146272 #>>42146629 #>>42147195 #>>42147452 #>>42147781 #>>42148046 #>>42148053 #>>42150487 #
pickledoyster ◴[15 Nov 24 09:42 UTC] No.42145333[source]
Yes. It's not the regulation but the misguided implementation that's to blame.

Sites and cookie banner plugins could just accept DNT signals from browsers and no productivity would be lost.

replies(2): >>42145475 #>>42146292 #
randomdata ◴[15 Nov 24 10:08 UTC] No.42145475[source]
DNT does not provide informed consent. It may, if set to not track, imply denial, but the reverse is not true. If DNT is accepting or unset, the site needs to fall back to the banner to get consent. And at that point you may as well prompt everyone with the banner instead of complicating the codebase with extra logic for a DNT edge case.
replies(3): >>42145575 #>>42146222 #>>42149038 #
account42 ◴[15 Nov 24 12:17 UTC] No.42146222[source]
I doubt there would be any concerns with "complicating the codebase" (really?) if there was a Yes-Track header that gave consent but no negative signal.
replies(1): >>42147633 #
1. randomdata ◴[15 Nov 24 15:15 UTC] No.42147633[source]
There is a "Yes-Track" header – DNT: 0

Granted, you can't legally use it like that where EU laws apply, per the GDPR. Hence the complaints about the GDPR you see in other comments.

replies(1): >>42149132 #
2. smolder ◴[15 Nov 24 17:45 UTC] No.42149132[source]
It's not really a Yes Track if it's simply absent. The user hasn't requested to be tracked. I'm not even sure with it set to 0 that you can assume that intent. I guess it would depend on the browsers behavior, but as you say the law is not compatible with that use.
replies(1): >>42149603 #
3. randomdata ◴[15 Nov 24 18:37 UTC] No.42149603[source]
According to the specification,

DNT: 0 = Yes, track me.

DNT: 1 = No, do not track me.

> I'm not even sure with it set to 0 that you can assume that intent.

That's the problem. Someone not paying attention might inadvertently set DNT: 0, which is why the law is written the way it is. But at the same time we have techies who knowingly and carefully set such values and want the service to acknowledge it, contrary to the law. Hence the contention.