←back to thread

US Court nullifies FTC requirement for click-to-cancel

(arstechnica.com)
572 points gausswho | 10 comments | 08 Jul 25 22:42 UTC | HN request time: 0.939s | source | bottom
Show context
pjmlp ◴[09 Jul 25 09:47 UTC] No.44507998[source]
The consumer protection laws are so bad the other side of Atlantic.

Most European countries, have their own version of consumer protection agencies, usually any kind of complaint gets sorted out, even if takes a couple months.

If they fail for whatever reason, there is still the top European one.

Most of the time I read about FTC, it appears to side with the wrong guys.

replies(8): >>44508075 #>>44508495 #>>44508884 #>>44508987 #>>44509501 #>>44510263 #>>44512025 #>>44512341 #
1. mindwork ◴[09 Jul 25 16:59 UTC] No.44512341[source]
At the same time European laws got whole internet littered with "Accept cookies" banners
replies(4): >>44512481 #>>44513025 #>>44513374 #>>44513876 #
2. okanat ◴[09 Jul 25 17:10 UTC] No.44512481[source]
This is a persistent stupid take but many HN readers are also on the wrong side of the consumer protection. Those startups don't make money out of thin air eh?

Once again. The full consumer protection would be banning behavior-based advertisement completely, which I would welcome. GDPR is striking a balance. It forces the companies to ask if they are going to collect data and use it in any other purpose from delivering the information / service.

Almost all of the web is feeding data into Google's ad and statistics services which are used to profile people and completely out of scope. That's the minimum. Worser services feed your data into every single PII broker. If you don't collect such data, no banners are necessary. If you need an address and an email to just ship a product, you need 0 cookie banners. The websites can also do geo-fencing so you don't see any banners. They don't want to spend any money to engineers though.

But no, it is EU's fault to create a balanced law. Companies should be violating you and your pricacy left and right. That's their right, isn't it.

replies(1): >>44513044 #
3. mrweasel ◴[09 Jul 25 17:59 UTC] No.44513025[source]
The alternative would have been banning tracking and I don't think that would have happend. At least now you're being informed and have at least the perception of an option to opt-out.

Had you truly preferred not being informed, not being allowed to opt-out?

replies(1): >>44514296 #
4. crims0n ◴[09 Jul 25 18:01 UTC] No.44513044[source]
Plenty of well-meaning laws have unintended consequences. Intent does not absolve being the cause of the effect.
replies(2): >>44513378 #>>44513669 #
5. t-writescode ◴[09 Jul 25 18:32 UTC] No.44513374[source]
The standard "Accept Cookies" banner is, give or take, malicious compliance to the EU's cookie laws. For actually required things, it doesn't *need* to be a banner. Companies tend to use a standardized, third-party-powered "follow the EU law" tool that they get the ugly cookie banner. And even that banner's malicious compliance is under attack now because it takes too many steps to opt out.

For things like sign-in, you barely have to mention the use of cookies on your website, because it's necessary. For things like items in an anonymous shopping cart, a simple "adding this item to the cart when you're not logged in will cause the item to be saved in a cookie so we can remember it later" would suffice.

I'm not a lawyer, but that's my understanding.

replies(1): >>44517683 #
6. t-writescode ◴[09 Jul 25 18:33 UTC] No.44513378{3}[source]
Sure, but the cookie law is a bad example of it.
7. vkou ◴[09 Jul 25 19:02 UTC] No.44513669{3}[source]
This consequence is 100% intended to fuck with the UX of your website, if your business model is tracking users.

And it accomplishes that goal. A lot of people on this forum are quite unhappy about it, but that's not because it's an unforeseen consequence.

8. devjab ◴[09 Jul 25 19:24 UTC] No.44513876[source]
The cookie banner pop-ups are not compliance with the EU legislation, in fact, many of them are in direct violation of EU laws. If you were to give sites the benefit of doubt, they are doing it because they are copy pasting, but the reality is, that the law is that they can not track you without your concent and that they are not allowed to bother you. The fact that they do is likely malicious compliance to get you to blame the EU rather than their shitty tracking practices.

Any site that doesn't have a single button click to ignore all cookies, breaks EU law. But to truly follow the law, you would have to go into a site setting on your own, and enable tracking. Which nobody would do.

9. mindwork ◴[09 Jul 25 20:12 UTC] No.44514296[source]
thats not the point I was answering.

The point is that it's 2 sides of the coin under regulation vs over regulation. And no system is ideal on both sides of Atlantic

10. smarnach ◴[10 Jul 25 05:46 UTC] No.44517683[source]
Not even that. There's no rule in the GDPR to disclose the use of cookies. The regulation doesn't actually mention cookies at all, except maybe in an example. Instead, any data collection that's obviously required to do what the user requests (including session and shopping cart cookies) doesn't require any explicit consent. Only additional data collection, whether performed by cookies or any other means, requires consent.

That's why there are websites without cookie banners, like GitHub. It's not even hard to do that; it's just that most companies don't bother, because they know the EU will be blamed anyway.