←back to thread

Internet's biggest annoyance: Cookie laws should target browsers, not websites

(nednex.com)
582 points SweetSoftPillow | 3 comments | 22 Oct 25 12:12 UTC | HN request time: 0s | source
Show context
michaelmauderer ◴[22 Oct 25 12:36 UTC] No.45668112[source]
The problem here is not the law, but malicious compliance by websites that don't want to give up tracking.

"Spend Five Minutes in a Menu of Legalese" is not the intended alternative to "Accept All". "Decline All" is! And this is starting to be enforced through the courts, so you're increasingly seeing the "Decline All" option right away. As it should be. https://www.techspot.com/news/108043-german-court-takes-stan...

Of course, also respecting a Do-Not-Track header and avoiding the cookie banner entirely while not tracking the user, would be even better.

replies(27): >>45668188 #>>45668227 #>>45668253 #>>45668318 #>>45668333 #>>45668375 #>>45668478 #>>45668528 #>>45668587 #>>45668695 #>>45668802 #>>45668844 #>>45669149 #>>45669369 #>>45669513 #>>45669674 #>>45670524 #>>45670593 #>>45670822 #>>45670839 #>>45671739 #>>45671750 #>>45673134 #>>45673283 #>>45674480 #>>45675431 #>>45678865 #
crazygringo ◴[22 Oct 25 12:52 UTC] No.45668318[source]
No, the problem is 100% the law, because it was written in a way that allows this type of malicious compliance.

Laws need to be written well to achieve good outcomes. If the law allows for malicious compliance, it is a badly written law.

The sites are just trying to maximize profit, as anyone could predict. So write better laws.

replies(20): >>45668365 #>>45668389 #>>45668443 #>>45668540 #>>45668630 #>>45668809 #>>45668823 #>>45668886 #>>45669084 #>>45669675 #>>45670704 #>>45671579 #>>45672352 #>>45672518 #>>45672991 #>>45673713 #>>45674575 #>>45675918 #>>45676040 #>>45676756 #
hananova ◴[22 Oct 25 13:14 UTC] No.45668630[source]
But the law never allowed this. Enforcement just turned out to be an issue due to the enormity of it all.

Also, please remember that in Europe there is no such thing as "the spirit of the law versus the letter of the law." The intent of the law IS the law.

replies(5): >>45668693 #>>45668755 #>>45676087 #>>45679328 #>>45680078 #
ahnick ◴[22 Oct 25 13:23 UTC] No.45668755[source]
If you can't enforce the law, then it is a bad law. Also, this is a problem that naturally solves itself over time, so no law was ever needed. The UX of the web degraded for everyone after GDPR was passed and that I think everyone can agree on.

If people care about privacy, then over time they will migrate to companies and services that respect their privacy. Government laws are broad based policies that always lack nuance. This is why it is better to let markets drive better outcomes organically.

replies(4): >>45669234 #>>45669688 #>>45670030 #>>45670151 #
1. dns_snek ◴[22 Oct 25 14:29 UTC] No.45669688[source]
The government has outlawed murder but your local law enforcement isn't investigating the murders. You're blaming the lawmakers for writing "bad laws" in this situation, why?

First order of blame goes to the national DPAs for not carrying out their duties.

Second order of blame goes go to whichever EU authority is responsible for penalizing EU member states for non-compliance. There should be serious consequences for non-enforcement like frozen funding. (I don't know what the actual legal process is)

> If people care about privacy, then over time they will migrate to companies and services that respect their privacy.

This is just a libertarian fairy-tale that is designed to sound sensible and rational while being malicious in practice. It exploits information asymmetry, human ignorance, network effects, and our general inability to accurately assess long-term consequences, in order to funnel profits into the hands of the most unscrupulous businesses.

In other words, there's a reason why we have to have regulations that protect people from themselves (and protect well-being of society as a whole).

replies(1): >>45675450 #
2. ahnick ◴[22 Oct 25 21:34 UTC] No.45675450[source]
> The government has outlawed murder but your local law enforcement isn't investigating the murders. You're blaming the lawmakers for writing "bad laws" in this situation, why?

Investigating murders is enforceable. If law enforcement isn't doing their job then that is a different problem. By virtue of being on the Internet, tracking cookies span many legal jurisdictions (even ones outside of the EU that never agreed to GDPR) and therefore run into all sorts of different legal obstacles. Apples and oranges and all that.

> This is just a libertarian fairy-tale that is designed to sound sensible and rational while being malicious in practice. It exploits information asymmetry, human ignorance, network effects, and our general inability to accurately assess long-term consequences, in order to funnel profits into the hands of the most unscrupulous businesses.

No, it allows people to be adults and vote with their feet. We do this all the time in many other areas and it works. (Exactly what the free market is based on) This is not to say that there shouldn't be any privacy and anti-spam laws, but when it comes to allowing marketing/advertising the trade-off has been well understood for some time. We are all funneling a lot of profits into companies that provide software to serve up the cookie banner warnings now and the advertisers still end up getting lots of people's data. A poorly designed law is a bad law. Legally requiring consent upfront and the ramifications of that decision should have been thought through much more thoroughly.

replies(1): >>45679077 #
3. dns_snek ◴[23 Oct 25 07:11 UTC] No.45679077[source]
> If law enforcement isn't doing their job then that is a different problem.

Yes, that is precisely the problem with GDPR, too. Enforcement is supposed to be carried out by national Data Protection Authorities but they just don't investigate. I've reported some clear cut violations and they never followed up on anything.

Swedish one is even being taken to court for completely neglecting their duties: https://noyb.eu/en/noyb-takes-swedish-dpa-court-refusing-pro...

> By virtue of being on the Internet, tracking cookies span many legal jurisdictions (even ones outside of the EU that never agreed to GDPR) and therefore run into all sorts of different legal obstacles.

It doesn't matter. It's irrelevant to the general enforcement issue. Most DPAs seem to be failing to enforce even the simplest of cases. Let's chat about the edge cases and jurisdiction when the clear cut cases are being taken care of reliably.