←back to thread

US Court nullifies FTC requirement for click-to-cancel

(arstechnica.com)
573 points gausswho | 2 comments | 08 Jul 25 22:42 UTC | HN request time: 1.002s | source
Show context
pjmlp ◴[09 Jul 25 09:47 UTC] No.44507998[source]
The consumer protection laws are so bad the other side of Atlantic.

Most European countries, have their own version of consumer protection agencies, usually any kind of complaint gets sorted out, even if takes a couple months.

If they fail for whatever reason, there is still the top European one.

Most of the time I read about FTC, it appears to side with the wrong guys.

replies(8): >>44508075 #>>44508495 #>>44508884 #>>44508987 #>>44509501 #>>44510263 #>>44512025 #>>44512341 #
mindwork ◴[09 Jul 25 16:59 UTC] No.44512341[source]
At the same time European laws got whole internet littered with "Accept cookies" banners
replies(4): >>44512481 #>>44513025 #>>44513374 #>>44513876 #
1. t-writescode ◴[09 Jul 25 18:32 UTC] No.44513374[source]
The standard "Accept Cookies" banner is, give or take, malicious compliance to the EU's cookie laws. For actually required things, it doesn't *need* to be a banner. Companies tend to use a standardized, third-party-powered "follow the EU law" tool that they get the ugly cookie banner. And even that banner's malicious compliance is under attack now because it takes too many steps to opt out.

For things like sign-in, you barely have to mention the use of cookies on your website, because it's necessary. For things like items in an anonymous shopping cart, a simple "adding this item to the cart when you're not logged in will cause the item to be saved in a cookie so we can remember it later" would suffice.

I'm not a lawyer, but that's my understanding.

replies(1): >>44517683 #
2. smarnach ◴[10 Jul 25 05:46 UTC] No.44517683[source]
Not even that. There's no rule in the GDPR to disclose the use of cookies. The regulation doesn't actually mention cookies at all, except maybe in an example. Instead, any data collection that's obviously required to do what the user requests (including session and shopping cart cookies) doesn't require any explicit consent. Only additional data collection, whether performed by cookies or any other means, requires consent.

That's why there are websites without cookie banners, like GitHub. It's not even hard to do that; it's just that most companies don't bother, because they know the EU will be blamed anyway.