←back to thread

Internet's biggest annoyance: Cookie laws should target browsers, not websites

(nednex.com)
599 points SweetSoftPillow | 1 comments | 22 Oct 25 12:12 UTC | HN request time: 0.21s | source
Show context
michaelmauderer ◴[22 Oct 25 12:36 UTC] No.45668112[source]
The problem here is not the law, but malicious compliance by websites that don't want to give up tracking.

"Spend Five Minutes in a Menu of Legalese" is not the intended alternative to "Accept All". "Decline All" is! And this is starting to be enforced through the courts, so you're increasingly seeing the "Decline All" option right away. As it should be. https://www.techspot.com/news/108043-german-court-takes-stan...

Of course, also respecting a Do-Not-Track header and avoiding the cookie banner entirely while not tracking the user, would be even better.

replies(27): >>45668188 #>>45668227 #>>45668253 #>>45668318 #>>45668333 #>>45668375 #>>45668478 #>>45668528 #>>45668587 #>>45668695 #>>45668802 #>>45668844 #>>45669149 #>>45669369 #>>45669513 #>>45669674 #>>45670524 #>>45670593 #>>45670822 #>>45670839 #>>45671739 #>>45671750 #>>45673134 #>>45673283 #>>45674480 #>>45675431 #>>45678865 #
crazygringo ◴[22 Oct 25 12:52 UTC] No.45668318[source]
No, the problem is 100% the law, because it was written in a way that allows this type of malicious compliance.

Laws need to be written well to achieve good outcomes. If the law allows for malicious compliance, it is a badly written law.

The sites are just trying to maximize profit, as anyone could predict. So write better laws.

replies(20): >>45668365 #>>45668389 #>>45668443 #>>45668540 #>>45668630 #>>45668809 #>>45668823 #>>45668886 #>>45669084 #>>45669675 #>>45670704 #>>45671579 #>>45672352 #>>45672518 #>>45672991 #>>45673713 #>>45674575 #>>45675918 #>>45676040 #>>45676756 #
hananova ◴[22 Oct 25 13:14 UTC] No.45668630[source]
But the law never allowed this. Enforcement just turned out to be an issue due to the enormity of it all.

Also, please remember that in Europe there is no such thing as "the spirit of the law versus the letter of the law." The intent of the law IS the law.

replies(5): >>45668693 #>>45668755 #>>45676087 #>>45679328 #>>45680078 #
ahnick ◴[22 Oct 25 13:23 UTC] No.45668755[source]
If you can't enforce the law, then it is a bad law. Also, this is a problem that naturally solves itself over time, so no law was ever needed. The UX of the web degraded for everyone after GDPR was passed and that I think everyone can agree on.

If people care about privacy, then over time they will migrate to companies and services that respect their privacy. Government laws are broad based policies that always lack nuance. This is why it is better to let markets drive better outcomes organically.

replies(4): >>45669234 #>>45669688 #>>45670030 #>>45670151 #
Kbelicius ◴[22 Oct 25 13:56 UTC] No.45669234[source]
> If you can't enforce the law, then it is a bad law.

It isn't that this can't be enforced, it just lagged because of the size and changes that this law brought.

> Also, this is a problem that naturally solves itself over time, so no law was ever needed.

How does it solve itself?

> The UX of the web degraded for everyone after GDPR was passed and that I think everyone can agree on.

Due to website operators doing illegal things.

> If people care about privacy, then over time they will migrate to companies and services that respect their privacy.

Why would people care about something they don't know about?

replies(1): >>45675499 #
ahnick ◴[22 Oct 25 21:39 UTC] No.45675499[source]
> It isn't that this can't be enforced, it just lagged because of the size and changes that this law brought.

How long have these laws been out and we are still dealing with these issues. They seem to have gotten worse, not better.

> How does it solve itself?

People build services that don't track others and people pay for those services. It's pretty simple.

> Due to website operators doing illegal things.

If it was so illegal it would be stopped, but apparently businesses are indeed complying with the law.

> Why would people care about something they don't know about?

It's well known that cookies track you across sites and some people choose not to use those sites. The sites are required to disclose this information, so users are definitely aware.

replies(1): >>45679738 #
1. Kbelicius ◴[23 Oct 25 08:57 UTC] No.45679738[source]
> How long have these laws been out and we are still dealing with these issues. They seem to have gotten worse, not better.

No, they have gotten better. Earlier reject all was barely seen on the internet. Now it is on the majority of places or at least in much more places. How is that getting worse? Can you please explain how it has gotten worse or why you think it has gotten worse?

> People build services that don't track others and people pay for those services. It's pretty simple.

How would an average individual know that a service is tracking them if the service doesn't need their consent for it?

> If it was so illegal it would be stopped, but apparently businesses are indeed complying with the law.

GDPR art. 7.3:

"The data subject shall have the right to withdraw his or her consent at any time. 2The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. 3Prior to giving consent, the data subject shall be informed thereof. 4It shall be as easy to withdraw as to give consent."

So the law states that it must be as easy to reject cookies as to accept. That means that it is illegal to hide reject all.

In the parent post of this thread there is even a link about a court case:

https://www.techspot.com/news/108043-german-court-takes-stan...

So has your opinion with this information changed on who is to blame for the bad UX? If not, why not?

> It's well known that cookies track you across sites and some people choose not to use those sites. The sites are required to disclose this information, so users are definitely aware.

Maybe now, because of GDPR forcing site operators for asking consent to being tracked. But you said that it would happen organically without GDPR. I'm confused, even you, in the last sentence say that sites are required to disclose information but that is because of GDPR. It isn't the market somehow reaching that point organically. So which is it because you seem to agree that GDPR is needed but at the same time you are saying that it isn't needed and the market would sort it out. I'm really confused now.