Internet's biggest annoyance: Cookie laws should target browsers, not websites

But the law never allowed this. Enforcement just turned out to be an issue due to the enormity of it all.

Also, please remember that in Europe there is no such thing as "the spirit of the law versus the letter of the law." The intent of the law IS the law.

Honest question, isn't the spirit of the law the same as the intent of the law?

If you can't enforce the law, then it is a bad law. Also, this is a problem that naturally solves itself over time, so no law was ever needed. The UX of the web degraded for everyone after GDPR was passed and that I think everyone can agree on.

If people care about privacy, then over time they will migrate to companies and services that respect their privacy. Government laws are broad based policies that always lack nuance. This is why it is better to let markets drive better outcomes organically.

Yes and sometimes it's subtly different from the letter of the law. The point is, if I understand it correctly, that in the US, courts always literally interpret the law as written, whereas in the EU there's a culture of sometimes, when the letter of the law super clearly differs from the intent it was obviously written with, siding with the intent of the law rather than the precise wording.

That doesn't jibe with my understanding. For one thing, "interpreting the law as written" is impossible on its face. You need to have an understanding of what it means, i.e. interpret it. And not only that, isn't the whole deal with Common Law that the judge, judges?

> If you can't enforce the law, then it is a bad law.

It isn't that this can't be enforced, it just lagged because of the size and changes that this law brought.

> Also, this is a problem that naturally solves itself over time, so no law was ever needed.

How does it solve itself?

> The UX of the web degraded for everyone after GDPR was passed and that I think everyone can agree on.

Due to website operators doing illegal things.

> If people care about privacy, then over time they will migrate to companies and services that respect their privacy.

Why would people care about something they don't know about?

> in the US, courts always literally interpret the law as written

I think lots of courts claim this, and none actually do.

No. US courts consider both, to the extent that it’s a bright-line divider between “conservative” judges and “liberal” ones, where the former are far more likely to profess strict adherence to the text of the law (particularly constitutional law).

In any case, there is always a difference between the “intent” of a large and diverse body of politicians, and the actual text of a law. Any practical legal system must take it into consideration.

The government has outlawed murder but your local law enforcement isn't investigating the murders. You're blaming the lawmakers for writing "bad laws" in this situation, why?

First order of blame goes to the national DPAs for not carrying out their duties.

Second order of blame goes go to whichever EU authority is responsible for penalizing EU member states for non-compliance. There should be serious consequences for non-enforcement like frozen funding. (I don't know what the actual legal process is)

> If people care about privacy, then over time they will migrate to companies and services that respect their privacy.

This is just a libertarian fairy-tale that is designed to sound sensible and rational while being malicious in practice. It exploits information asymmetry, human ignorance, network effects, and our general inability to accurately assess long-term consequences, in order to funnel profits into the hands of the most unscrupulous businesses.

In other words, there's a reason why we have to have regulations that protect people from themselves (and protect well-being of society as a whole).

> If you can't enforce the law, then it is a bad law.

Or, alternatively, you _could_ enforce the law but the resources to do so (people) are no longer available. This happens a lot in the US when the current admin doesn't feel it's important, so doesn't fund the enforcement agencies. And is particularly true more of codes/regulations (I get them confused) than of laws.

IIRC a common law maxim oft repeated said something like: “a judge doesn’t make a ruling because it is right, the ruling is right because the judge has ruled it.”

Cookie banners are not GDPR.

It’s the same problem as those reading the Scripture literally. You can’t. You are reading a translation, for starters. To come even close, you need a subtle understanding of semite languages, culture and Greek, depending on your denomination. You need some guidance when reading, whether that is the Holy Ghost, your pastor, or a decade or two of yeshiva school.

Is this a different meaning of "conservative" and "liberal" from the political sides, or is this reply blatantly partisan?

> where the former are far more likely to profess strict adherence to the text of the law (particularly constitutional law)

This is a fiction and just an excuse conservative justices use to make conservative rulings when they don't like a law.

They are perfectly fine to abandon the text of the law whenever it doesn't move forward a conservative agenda. The shining example of this is the voting rights act. Something never amended or repealed by congress but slowly dismantled by the court counter to both the intent and the text of the law.

And if you don't believe me, I suggest reading over the Shelby County v. Holder [1] decision because they put it in black and white.

> Nearly 50 years later, they are still in effect; indeed, they have been made more stringent, and are now scheduled to last until 2031. There is no denying, however, that the conditions that originally justified these measures no longer characterize voting in the covered jurisdictions.

IE "We know the law says this, and it's still supposed to be in effect. But we don't like what it does so we are canceling it based on census data".

[1] https://supreme.justia.com/cases/federal/us/570/529/

I think he meant to say the spirit of the law is the law.

If you read GDPR in it's complete form [1], there are 173 paragraphs before the actual law begins at CHAPTER I, almost half way down the page. Those are the reasons why the law was created, what's it trying to achieve, how it is intended to work, responsibilities of govenrnments, etc.

The EU provided us the spirit of the law - in writing.

[1] https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng

I’m not saying it’s true or false. Hypocrisy is universal to politics, and it’s trivial to find examples throughout US history on all sides of the political spectrum. I’m just saying that the issue of strict interpretation is so fundamental to the US legal system that it’s a core philosophical debate for judges.

> This is a fiction and just an excuse conservative justices use to make conservative rulings when they don't like a law.

Isn't this the other way around? If you cite "the spirit of the law" then you're ignoring the text in order to do whatever you want.

Finding a "conservative" judge who does the latter is evidence that the particular judge is hypocrite rather than any argument that ignoring what the law actually says is the right thing to do.

But you also picked kind of a bad example, because that wasn't a case about how to interpret the law, it was about whether the law was unconstitutional.

> The government has outlawed murder but your local law enforcement isn't investigating the murders. You're blaming the lawmakers for writing "bad laws" in this situation, why?

Investigating murders is enforceable. If law enforcement isn't doing their job then that is a different problem. By virtue of being on the Internet, tracking cookies span many legal jurisdictions (even ones outside of the EU that never agreed to GDPR) and therefore run into all sorts of different legal obstacles. Apples and oranges and all that.

> This is just a libertarian fairy-tale that is designed to sound sensible and rational while being malicious in practice. It exploits information asymmetry, human ignorance, network effects, and our general inability to accurately assess long-term consequences, in order to funnel profits into the hands of the most unscrupulous businesses.

No, it allows people to be adults and vote with their feet. We do this all the time in many other areas and it works. (Exactly what the free market is based on) This is not to say that there shouldn't be any privacy and anti-spam laws, but when it comes to allowing marketing/advertising the trade-off has been well understood for some time. We are all funneling a lot of profits into companies that provide software to serve up the cookie banner warnings now and the advertisers still end up getting lots of people's data. A poorly designed law is a bad law. Legally requiring consent upfront and the ramifications of that decision should have been thought through much more thoroughly.

> It isn't that this can't be enforced, it just lagged because of the size and changes that this law brought.

How long have these laws been out and we are still dealing with these issues. They seem to have gotten worse, not better.

> How does it solve itself?

People build services that don't track others and people pay for those services. It's pretty simple.

> Due to website operators doing illegal things.

If it was so illegal it would be stopped, but apparently businesses are indeed complying with the law.

> Why would people care about something they don't know about?

It's well known that cookies track you across sites and some people choose not to use those sites. The sites are required to disclose this information, so users are definitely aware.

The problem here is that people need some way to know if doing something will incur a penalty before they actually do it.

One way to do that is to interpret the law strictly according to the text, or in the case of ambiguity to choose the interpretation that benefits the accused rather than the government. Then you could just read the law to know if it prohibits what you want to do, because unless it unambiguously does, then it doesn't. And then if the government doesn't like it once they see someone doing that, it's up to them to change the law.

Another is to give people a way to get clarification ahead of time. This is called advisory opinions and governments generally hate them because as soon as you allow it, the government is going to be absolutely swamped with requests for clarification because everybody wants to pre-clear everything they're going to do rather than take the risk of getting punished for doing something without clearing it. But in order for this to work, getting a clarification has to be cheap, because "pay a million dollars for an advisory opinion to avoid the risk of a million dollar fine" isn't a real solution to the problem of people getting punished when the law is unclear.

So the first one is actually better, the only "problem" with it is that you need the government to be paying attention and promptly rework the law when it isn't having the intended effect, otherwise you'll have people complaining about it because in the meantime there is a dumb law on the books. But if your government is bad at making good laws then you're going to have a bad time no matter what.

> Also, please remember that in Europe there is no such thing as "the spirit of the law versus the letter of the law." The intent of the law IS the law.

On the other hand, there is the issue how the intent of laws (which were often passed by highly incompetent politicians, in particular when IT topics are involved) is to be interpreted.

> Another is to give people a way to get clarification ahead of time. This is called advisory opinions and governments generally hate them because as soon as you allow it, the government is going to be absolutely swamped with requests for clarification because everybody wants to pre-clear everything they're going to do rather than take the risk of getting punished for doing something without clearing it. But in order for this to work, getting a clarification has to be cheap, because "pay a million dollars for an advisory opinion to avoid the risk of a million dollar fine" isn't a real solution to the problem of people getting punished when the law is unclear.

A partial solution to this problem is: write laws in a way that need a lot less clarification because there is rarely a need for it because the laws are thought out so well.

I too would like a free pony.

This is rather about free ensurance that the country won't use violence (the state authority) against you.

It's pretty obvious that they don't currently write laws that way, so the question is, what do you propose to change that would cause them to?

> If law enforcement isn't doing their job then that is a different problem.

Yes, that is precisely the problem with GDPR, too. Enforcement is supposed to be carried out by national Data Protection Authorities but they just don't investigate. I've reported some clear cut violations and they never followed up on anything.

Swedish one is even being taken to court for completely neglecting their duties: https://noyb.eu/en/noyb-takes-swedish-dpa-court-refusing-pro...

> By virtue of being on the Internet, tracking cookies span many legal jurisdictions (even ones outside of the EU that never agreed to GDPR) and therefore run into all sorts of different legal obstacles.

It doesn't matter. It's irrelevant to the general enforcement issue. Most DPAs seem to be failing to enforce even the simplest of cases. Let's chat about the edge cases and jurisdiction when the clear cut cases are being taken care of reliably.

Europe is not homogenic when it comes to law doctrine though and does have variations in how to handle unclarities in the letter of the law. In some jurisdictions the intent very much matter to resolve how ambiguities should be resolved.

That's an uncharitable reading. Citing the "the spirit of the law" is not automatically ignoring the text in order to do whatever you want. It can be "how do I apply this archaic text about oxen (or whatever) to current events". Maybe the meaning is that stealing stuff in general is frowned upon, not just oxen. Or should we focus on how a Chevrolet Corvette is definitely not an ox?

> How long have these laws been out and we are still dealing with these issues. They seem to have gotten worse, not better.

No, they have gotten better. Earlier reject all was barely seen on the internet. Now it is on the majority of places or at least in much more places. How is that getting worse? Can you please explain how it has gotten worse or why you think it has gotten worse?

> People build services that don't track others and people pay for those services. It's pretty simple.

How would an average individual know that a service is tracking them if the service doesn't need their consent for it?

> If it was so illegal it would be stopped, but apparently businesses are indeed complying with the law.

GDPR art. 7.3:

"The data subject shall have the right to withdraw his or her consent at any time. 2The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. 3Prior to giving consent, the data subject shall be informed thereof. 4It shall be as easy to withdraw as to give consent."

So the law states that it must be as easy to reject cookies as to accept. That means that it is illegal to hide reject all.

In the parent post of this thread there is even a link about a court case:

https://www.techspot.com/news/108043-german-court-takes-stan...

So has your opinion with this information changed on who is to blame for the bad UX? If not, why not?

> It's well known that cookies track you across sites and some people choose not to use those sites. The sites are required to disclose this information, so users are definitely aware.

Maybe now, because of GDPR forcing site operators for asking consent to being tracked. But you said that it would happen organically without GDPR. I'm confused, even you, in the last sentence say that sites are required to disclose information but that is because of GDPR. It isn't the market somehow reaching that point organically. So which is it because you seem to agree that GDPR is needed but at the same time you are saying that it isn't needed and the market would sort it out. I'm really confused now.

A very first step could be to to brutally expose every politician who voted for such shittily designed laws.

Not doing that is a civic duty that I expect from every politician who wants to be considered to be more trustworthy than a child molester who has relapsed several times.

nah, it's just slow, as unfortunately almost all things involving technology and international/supranational organizations

first case was around 2018-2019 and then it took some time for the cookie banner consent thing to percolate through the courts. (the Hungarian data protection agency already issued a ~3000 EUR fine in 2018-08 and cited the GDPR. and the Hungarian DPA cites this 2019 EU court case which is explicitly about cookie consent [1])

and according to this tracker - https://noyb.eu/en - there are 2B fines already imposed and (883 total cases and still 468 pending)

[1] https://curia.europa.eu/juris/document/document.jsf?text=&do...

as long as we cannot provide some objective foundations for the meaning of words we're pretty much left with the law constantly being interpreted, and even if somehow laws and enforcement becomes completely independent of the fallibility of human minds, as long as we are subject to it we ourselves will have different interpretation from time to time

and even if the law somehow becomes a perfect ideal filter for separating good from bad ... its enforcement will run into the problem of false positives and negatives as long as it deals with messy real world events and their various imperfect impressions found in whatever evidence is collected in a case.

well, of course a more competent electorate and politicians would be nice anyway, but now we run into the problem of competence in the eyes of who?