
583 points SweetSoftPillow | 1 comments
bradleyy ◴[] No.45668748[source]
Hey, I'm the lead developer on DataGrail's(1) Consent product (cookie banner). I know a fair bit from having been involved with this for years, and talking to a lot of customers.

Happy to answer questions and clear up misconceptions, especially the one about "giving DNT force of law": we already have Global Privacy Control (GPC), and it's already required in (significant parts of) the US, and it's being enforced.

I can say we've tried really hard to prevent a lot of the malicious user interface issues, and to respect the GPC and DNT signal (no banner pop). We've tried to balance the company's need to keep compliant (because frankly, many of the complaints here about "legalese" aren't just deceptive UI (dark patterns), but done on the advice of counsel), and still operating (marketing needs analytics/ad tracking). And we're concerned about the user experience for what is admittedly an intrusive tool, but required.

(1) I'm not a spokesperson for the company; experiences and opinions are mine.

replies(1): >>45669579 #
PanoptesYC ◴[] No.45669579[source]
A lot of consent banner implementations have a clear accept all and then an intentionally obtuse alternative where you have to manually untick every "partner" you don't want to give data to. Presumably this is more profitable, as a lot of people will just click accept all instead of wasting their time.

A lot of people in the thread are speculating that this approach is illegal, but it seems to have widespread use across the web. Why doesn't DataGrail do this? Was it something requested by advertisers/management that your team pushed back on?

replies(1): >>45671152 #
1. bradleyy ◴[] No.45671152[source]
It's pretty clear from my reading of the (EU) laws that giving prominence to "Accept all" and not having the same level of prominence for "Essential only" is not acceptable. US is a whole different story, but has some bright points: GPC is already required in several states, and spreading. This removes the need for a consent banner to show on screen, which is great.

Our primary job is to make our customers compliant, so we try to "push them into the valley of success". That means GPC and DNT "do the right thing" by default, no deceptive design (dark patterns), etc.
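
Added example (not part of the thread and not DataGrail's code): a server-side sketch of "GPC and DNT do the right thing by default", reading the `Sec-GPC` and `DNT` request headers and deciding whether a banner is needed. The category names, the function names and the rule that a browser signal overrides a stored opt-in are assumptions made for illustration.

```javascript
// Hypothetical non-essential categories; a real deployment defines its own.
const NON_ESSENTIAL = ["analytics", "advertising", "functional"];

// Look up a header case-insensitively; returns the trimmed value or null.
function header(headers, name) {
  for (const [k, v] of Object.entries(headers || {})) {
    if (k.toLowerCase() === name) return String(Array.isArray(v) ? v[0] : v).trim();
  }
  return null;
}

// Only the exact value "1" expresses the preference. "0", "true" or an
// empty value must not be treated as an opt-out signal.
function privacySignal(headers) {
  if (header(headers, "sec-gpc") === "1") return "gpc";
  if (header(headers, "dnt") === "1") return "dnt";
  return null;
}

// Decide banner visibility and per-category consent for one request.
// storedChoice is the visitor's earlier explicit choice, if any.
function consentDecision(headers, storedChoice = null) {
  const categories = { essential: true };
  const signal = privacySignal(headers);
  if (signal) {
    // Assumption: the browser signal wins over a stored opt-in and no banner is shown.
    for (const c of NON_ESSENTIAL) categories[c] = false;
    return { showBanner: false, source: signal, categories };
  }
  if (storedChoice) {
    // Only an explicit boolean true counts as consent for a category.
    for (const c of NON_ESSENTIAL) categories[c] = storedChoice[c] === true;
    return { showBanner: false, source: "stored", categories };
  }
  // No signal and no choice yet: ask, and keep everything non-essential off meanwhile.
  for (const c of NON_ESSENTIAL) categories[c] = false;
  return { showBanner: true, source: "default", categories };
}

// Constructed sample requests, not captured traffic.
const samples = [{ "Sec-GPC": "1" }, { DNT: "0" }, { "user-agent": "example" }];
for (const h of samples) console.log(JSON.stringify(h), consentDecision(h));
```

The same check on the client side would read `navigator.globalPrivacyControl`, which is `true` when the browser sends the signal.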