←back to thread

Internet's biggest annoyance: Cookie laws should target browsers, not websites

(nednex.com)
582 points SweetSoftPillow | 5 comments | 22 Oct 25 12:12 UTC | HN request time: 0.001s | source
Show context
michaelmauderer ◴[22 Oct 25 12:36 UTC] No.45668112[source]
The problem here is not the law, but malicious compliance by websites that don't want to give up tracking.

"Spend Five Minutes in a Menu of Legalese" is not the intended alternative to "Accept All". "Decline All" is! And this is starting to be enforced through the courts, so you're increasingly seeing the "Decline All" option right away. As it should be. https://www.techspot.com/news/108043-german-court-takes-stan...

Of course, also respecting a Do-Not-Track header and avoiding the cookie banner entirely while not tracking the user, would be even better.

replies(27): >>45668188 #>>45668227 #>>45668253 #>>45668318 #>>45668333 #>>45668375 #>>45668478 #>>45668528 #>>45668587 #>>45668695 #>>45668802 #>>45668844 #>>45669149 #>>45669369 #>>45669513 #>>45669674 #>>45670524 #>>45670593 #>>45670822 #>>45670839 #>>45671739 #>>45671750 #>>45673134 #>>45673283 #>>45674480 #>>45675431 #>>45678865 #
1. shagie ◴[22 Oct 25 13:50 UTC] No.45669149[source]
> The problem here is not the law, but malicious compliance by websites that don't want to give up tracking.

If that was the case, then why does the site from the EU first off track... and secondly why does it use a cookie banner rather than some other solution that would not be malicious compliance with the law?

If there was a solution to having cookies and some other way of informing visitors of it, shouldn't that be demonstrated on the official EU government explaining GDPR?

https://europa.eu/youreurope/business/dealing-with-customers...

Can a company go wrong implementing the same approach as https://european-union.europa.eu/index_en uses? Why is that considered malicious compliance with the law?

replies(1): >>45670545 #
2. Kbelicius ◴[22 Oct 25 15:23 UTC] No.45670545[source]
> If that was the case, then why does the site from the EU first off track

If you are asking why there isn't a "reject all" button on their webpage then the answer is simple. There is one. The "Accept only essential cookies".

> and secondly why does it use a cookie banner rather than some other solution that would not be malicious compliance with the law?

GDPR (general data protection regulation) is about general data protection, not about technology. It applies the same no matter if you are using cookies or something else.

> Can a company go wrong implementing the same approach as https://european-union.europa.eu/index_en uses? Why is that considered malicious compliance with the law?

The example you've given is an example of compliance since there is a button to reject all tracking cookies. Whenever you read the words malicious compliance within the context of this discussion you can just swap it with the word illegal which is the correct word for the behavior that is being bemoaned here.

replies(2): >>45670623 #>>45671257 #
3. shagie ◴[22 Oct 25 15:28 UTC] No.45670623[source]
I'm asking "if cookie consent banners are the less than idea solution, why isn't the official EU government site implementing it in a way that is ideal?"

If a company is deciding how to comply with the GDPR on its website, can it go wrong with copying how that site does it? Alternatively, if it tries something that is new, do they risk getting sued by the EU for not following the GDPR?

My claim that it isn't malicious compliance to use cookie consent banners, but rather the least risky approach since that is exactly how europa.eu complies with their own laws.

replies(1): >>45671038 #
4. Kbelicius ◴[22 Oct 25 15:53 UTC] No.45671038{3}[source]
> I'm asking "if cookie consent banners are the less than idea solution, why isn't the official EU government site implementing it in a way that is ideal?"

Cookie banners are perfectly valid solution to the problem. GP originally said that the ideal solution is to avoid cookie banners by not tracking users. Not that if you want to track users there is a better solution than presenting them with a cookie banner.

> If a company is deciding how to comply with the GDPR on its website, can it go wrong with copying how that site does it?

No, because that is how it is spelled out in the law. Rejecting tracking must be as simple as accepting it. On the EU website both those options are presented in a clear way.

> My claim that it isn't malicious compliance to use cookie consent banners, but rather the least risky approach since that is exactly how europa.eu complies with their own laws.

There is no malicious compliance. If it is done as it is done on the EU site then it is compliant. If it isn't then it is illegal. Malicious compliance means that the letter of the law is strictly followed so to cause/do something not intended by the law. In case of hiding the reject button, that is illegal.

5. SpicyLemonZest ◴[22 Oct 25 16:07 UTC] No.45671257[source]
> Whenever you read the words malicious compliance within the context of this discussion you can just swap it with the word illegal which is the correct word for the behavior that is being bemoaned here.

I don't think that's the case. A number of people downthread are quite explicit that they find being asked at all annoying and don't think websites should be allowed to throw up cookie banners all the time.