Coming to a website near you this summer: the European Commission is close to a ‘solution’ that could force people to use their government-issued ID to get online. EDRi and EFF’s concerns about threats to everyone’s privacy and data protection, a chilling effect on access to information, and digital exclusion – harming the already most marginalised in society - remain unsolved.
Hey EU? Do you remember when you forced every website to ask for permission to store cookies and made the entire web immeasurably worse to use without in any way having a positive impact on people’s right to some fucking privacy?
Yeah.
The problem with the cookie law wasn’t the concept of it, it was the EU’s failure to crack down on malicious compliance.
They should’ve revised the law to make it opt-out by default.
If you make it opt out by default, They could just design the software to not let you enter the page unless you opt in. Often get the page opt out get a nice advertisement for the service.
Even using cookies to help with load balancing is a pain in the ass these days. There’s a fuck ton of legitimate reasons to use cookies, If you want to stop tracking, Make it illegal to track people and sell advertising data based on it.
A massive number of people would just not engage with the website if that happened, and they’d give in very fast.
Agreed. The sentiment was fine, the execution terrible.
you’ve never had to ask for permission to store cookies that are required for your site to work. you have to ask for permission for third party trackers to store cookies when people use your site. it’s just that web developers either can’t read or can’t live without letting google track their users’ every move.
That’s also not entirely correct.
You don’t need to ask permission for cookies that are strictly necessary for your site to work. They can contain personally identifiable information (PII) but only to the extent that is strictly required for the functionality to work. If your “required” cookie does anything more than what is strictly necessary (such as collecting more PII than it needs or has built in tracking) you need to ask consent.
If you’re using something like on premise tracking, like Matomo, then you still have to ask permission. There are some exceptions like if you don’t use cookies and you don’t track PII.
And just for extra clarification, if you are collecting PII (for example into logs) you need to ask permission even when you’re not storing any cookies.
yeah but that’s gdpr, not the cookie law.
My bad. For some reason I associate all the consent pop-ups with GDPR as I don’t remember any pop-ups prior to GDPR.
yeah the cookie law was way earlier, like 2010. gdpr was 2016.
we both know it’s the second one :P
What’s wrong with being able to opt out of cookies? This does not seem comparable at all.
The following:
If companies are indulging in abusive use of cookies (or index DB, local storage, plugins or other things) then ban those abusive use of cookies and fine companies that transgress until they stop. The EU essentially caves to industry pressure and put the burden on the individual visitor, which just allowed the companies to make it very, very annoying to opt out. Have you noticed how ‘allow all’ is always a single click, but allow none isn’t, if the option exists at all? Regardless, those settings? Guess where they’re stored: Cookies. Which means that those of us who were already preventing local storage of data are now having to deal with those lovely “choices” over, and over and over. Every visit to youtube, every newspaper article we try to read.
This was not an improvement in my quality of life. And I doubt the practical efficacy to boot. Can’t track user behavior and Internet usage patterns by way of cookies anymore? Fingerprinting to the rescue.