←back to thread

Internet's biggest annoyance: Cookie laws should target browsers, not websites

(nednex.com)
582 points SweetSoftPillow | 2 comments | 22 Oct 25 12:12 UTC | HN request time: 0.48s | source
Show context
michaelmauderer ◴[22 Oct 25 12:36 UTC] No.45668112[source]
The problem here is not the law, but malicious compliance by websites that don't want to give up tracking.

"Spend Five Minutes in a Menu of Legalese" is not the intended alternative to "Accept All". "Decline All" is! And this is starting to be enforced through the courts, so you're increasingly seeing the "Decline All" option right away. As it should be. https://www.techspot.com/news/108043-german-court-takes-stan...

Of course, also respecting a Do-Not-Track header and avoiding the cookie banner entirely while not tracking the user, would be even better.

replies(27): >>45668188 #>>45668227 #>>45668253 #>>45668318 #>>45668333 #>>45668375 #>>45668478 #>>45668528 #>>45668587 #>>45668695 #>>45668802 #>>45668844 #>>45669149 #>>45669369 #>>45669513 #>>45669674 #>>45670524 #>>45670593 #>>45670822 #>>45670839 #>>45671739 #>>45671750 #>>45673134 #>>45673283 #>>45674480 #>>45675431 #>>45678865 #
whywhywhywhy ◴[22 Oct 25 12:58 UTC] No.45668375[source]
The problem is exactly the law then because it was written so incompetently that it left the loopholes to allow websites to try and trick accepting.

Should have been written in the law that it’s a one toggle in browser settings.

If government is going to impose on the internet the least they could do is be competent in what they impose. Not writing laws that waste lifetimes in collective hours a day as every person in Europe deals with multiple of these dialogs a day and thousands a year.

replies(2): >>45668441 #>>45668445 #
1. dns_snek ◴[22 Oct 25 13:02 UTC] No.45668441[source]
> it left the loopholes to allow websites to try and trick accepting.

It did not. These practices are illegal under the GDPR, the problem is a chronic lack of enforcement by most national enforcement agencies in all but the most severe cases.

Some are just ineffective but others have gone completely rogue. Swedish Data Protection Authority (DPA) for example takes the position that commercial data brokers like Mrkoll are allowed to publish and sell people's personal information (including your current home address, hello stalkers!) [1] and that this is somehow protected under the pretense of "journalism" [2].

[1] https://mrkoll.se/resultat?n=Otto&c=&min=16&max=120&sex=a&c_...

[2] https://noyb.eu/en/swedish-data-brokers-claim-journalists-le...

replies(1): >>45672625 #
2. dns_snek ◴[22 Oct 25 17:46 UTC] No.45672625[source]
[2] Doesn't fully capture the negligence of the Swedish DPA ("IMY"), here's a better source:

> IMY’s practice of simply “forwarding” complaints.

> The IMY’s way of dealing with complaints since the Supreme Administrative Court ruling is to attach an “appeal form” to their (non-)decisions. But it still doesn’t investigate the complaints. Instead, the authority simply forwards the complaint to the entity that illegally processes personal data and then immediately closes the case. This also happened in the case preceding noyb’s current legal action against the IMY. After a data subject filed a complaint regarding a recorded phone call, the authority forwarded it to the respondent without investigating.

[3] https://noyb.eu/en/noyb-takes-swedish-dpa-court-refusing-pro...