←back to thread

332 points vegasbrianc | 2 comments | | HN request time: 0.418s | source
Show context
uniqueuid ◴[] No.42144954[source]
I am kind of frustrated by the widespread misunderstandings in this thread.

Laws are best when they are abstract, so that there is no need for frequent updates and they adapt to changing realities. The European "cookie law" does not mandate cookie banners, it mandates informed consent. Companies choose to implement that as a banner.

There is no doubt that the goals set by the law are sensible. It is also not evident that losing time over privacy is so horrible. In fact, when designing a law that enhances consumer rights through informed consent, it is inevitable that this imposes additional time spent on thinking, considering and acting.

It's the whole point, folks! You cannot have an informed case-by-case decision without spending time.

replies(16): >>42145020 #>>42145131 #>>42145155 #>>42145209 #>>42145333 #>>42145656 #>>42145815 #>>42145852 #>>42146272 #>>42146629 #>>42147195 #>>42147452 #>>42147781 #>>42148046 #>>42148053 #>>42150487 #
mpeg ◴[] No.42145020[source]
What I find funny about the whole thing is that the grand majority of companies with cookie banners are not implementing them correctly, and therefore are still in breach of the law.

I see constantly banners on sites that set tracking cookies by default, and delete them if you reject them in the banner (or even worse, not delete them at all!) – this is not compliant as the cookies were set before consent was given

Also see banners where there is only a big "OK" button, with no visible option to reject, this is also not compliant!

replies(5): >>42145538 #>>42146028 #>>42147215 #>>42147228 #>>42150714 #
jolmg ◴[] No.42150714[source]
> I see constantly banners on sites that set tracking cookies by default, and delete them if you reject them in the banner (or even worse, not delete them at all!) – this is not compliant as the cookies were set before consent was given

Depends on what you consider to be "cookies were set". I think it's a valid argument that cookies aren't set until a "Set-Cookie" HTTP header is sent to the server. The banner is just a form to decide whether or not to set the cookies prior to actually doing so. The banner switches aren't the cookies themselves.

replies(1): >>42181891 #
1. mpeg ◴[] No.42181891[source]
What I mean is a lot of sites will add tracking cookies like say through a google analytics tag before the user has actually accepted them.

Then, if the user clicks to reject cookies in the banner they remove the tracking cookies etc – but this is not compliant since if the user takes no action they are being tracked by default.

replies(1): >>42185436 #
2. jolmg ◴[] No.42185436[source]
Oh. Then I agree.