- cross-posted to:
- privacy@programming.dev
The European Commission aims to reform the EU’s cookie consent rules that have cluttered websites with intrusive banners asking for permission to track user data[1]. The initiative seeks to streamline data protection while maintaining privacy safeguards through centralized consent mechanisms[1:1].
Cookie consent banners emerged from the ePrivacy Directive (Cookie Law) and GDPR requirements, which mandate websites obtain explicit user permission before collecting non-essential data through cookies[2]. Current rules have led to widespread implementation of pop-up notices that interrupt user experience and often employ confusing interfaces.
The proposed changes reflect growing recognition that the existing approach has “messed up the internet” while failing to provide meaningful privacy protection[1:2]. Rather than requiring individual consent on every website, the Commission is exploring solutions like centralized consent management to reduce banner fatigue while preserving user privacy rights.
- The law didn’t mess up the internet, asshole business owners with their bullshit malicious compliance (and spineless devs enabling them) messed up the internet. - Yep, there even was a standard that would have been sufficient, Do Not Track. https://en.m.wikipedia.org/wiki/Do_Not_Track - Even worse, many data agencies will use the Do Not Track flag as an additional datapoint to add to your fingerprint. - This shit should be mandated, with strict “the company has been burned to the ground and the ashes have been salted” levels of penalties for violating it. 
- This! A thousand times THIS! - This is also evidence they never wanted to implement user protection. 
- For the life of me I do not understand how this was not all it took. - Removed by mod 
 
 
- It wouldn’t be hard to add a clause mandating that websites provide an easy-to-access “reject all” button that actually rejects all cookies. - Unless I’m very mistaken rejecting all cookies must not take more clicks than accepting them. Too bad nobody enforces that… - The law should have a bounty for reporting violations and it will basically enforce itself. 
 
- Too many websites like almost all US local news outlets and businesses like Home Depot just block all EU and Swiss IP addresses, which really sucks for a multitude of reasons. 
- Arguably e-privacy and gdpr require a reject all button. 
- I’m seeing more and more of this “pay to reject” thing and it’s really annoying me 
- I’m pretty sure the law already said that the reject button cannot be more convoluted to access than the accept button, corporate websites just couldn’t care less 
- But even when they do, I feel that, after rejecting, I get the same banner again the next time I visit the site. I bet that doesn’t happen when you accept tracking. 
 
- Yes, because of this I skip it, blocking anyway all the crap and cookies I don’t want, as also these cookie advices, only it is annoying because it lasts some seconds before these get skipped by the filterlist. - This works for a lot of sites: - https://addons.mozilla.org/en-US/firefox/addon/consent-o-matic/ 
 
 
- Instead, ban the collection of non-essential data, and also ban the targeting of advertisements based on user profiles/history - Only select advertisements to display based on the immediate context, exactly like printed newspapers and magazines - That is the right way, ads are a legit manner to create income if they are contextual, but not if they are abusive and surveillance based, tracking and logging the user activity. As in YT, it’s not the problem to have ads in the page or as a banner at the border of a video, but it is, that they interrupt a concert documentary with several long unskippable ads, popups to use Premium, clickbait and other crap, which serve nobody, least of all the author. In this case using an adblocker is mere self-defense and legit to cut this crap and nags. A good manner is e.g. how Bandcamp does it, there you can freely listen to almost every song or album, without ads, and there you can buy and download it when you want, paying a revenue directly to the artist and Bandcamp. Or as Vivaldi does, using affiliate links and search engines added by default, which pay a revenue to Vivaldi, if the user uses these, who is free to delete those which he doesn’t use. These and similar methods are a legit and ethical way to create income, without putting at risk the user’s right to privacy by selling his data. 
 
- Think they can ban the “pay, or let us track you” tactic I’ve been seeing pooping up too? That’s fucking extortion. - It is already illegal, but nobody is doing anything about that. - Bet the CNIL is. 
 
- That’s gross man. Where’s it pooping up so I can avoid it? 
- That’s the only honest way to deal with it. They need money. - If extortion is the honest way to do something, a bigger step back is needed. - I’d rather not go to a website because I won’t pay, than refuse their cookies and have them track me anyway through “legitimate reason”. - If you feel extorted you may need to get off the internet and breathe some fresh air. I’m sure you can live just fine without going to those extorting websites. - Quality costs money to produce. If we want to prevent the massive enshittification we may have to question the way we consume internet and re-think the “everything is free” mantra. 
- Extortion is a stretch… They provide content or service for a price, the price is either money you pay or money advertisers pay… - I would not use those sites, but that’s my decision, they aren’t twisting my arm to force me to read their shitty articles… 
 
 
 
- Removed by mod - It’s mainly the US companies, there doesn’t exist something like GDPR or right of privacy, with free hand for big corporations and surveillance advertising. The people there are too stupid to see it as a risk (don’t forget they voted Trump for the second time, showing that they are stupid as bricks). The problem is that the EU still depends too much on the US hegemony in the Internet. This is the first thing to change, using EU alternatives which exist and often are even superior, to gain sovereignty. - The US dollar and economy are about to crash. This power can only go so far. I just hope the EU has enough oligarchy independence to seize some of the marketshare when it happens so maybe there will be some place left with decent Internet regulations. - This is the problem, technically the EU is on the high, but as always policy, bureaucracy and the users themselves to use it. The last is the most difficult, to convince the people to use EU products, instead of US ones. Everybody using Whatscrap, Fakebook, X, search with Googke, buy on Amazon, use Kindle, M$ Office,…not out of necessity, but out of ignorance and habit. 
 
 
- fluoride. /s - Fluoride? You mean TDazzle? 
 
 
- Ublock Origin’s “Cookie Notice Filter + Annoyances Filter” combo stays winning as always :) - Yes, the Vivaldi blocker also uses the same filter, but as said, it skips the popup only after a second, when it has finished loading. This filterlist is also used by almost all adblockers too (Adguard, Adblock Plus, uBO lite and others more), same as also specific extensions, like ‘I don’t Care About Cookies’ and others more. This is because these pop ups, apart from being annoying, are useless. 
 
- Just mandate a single button to reject all cookies and that the default be “reject all” if users skip the banner. - That doesn’t work, because rejecting all cookies means it’s impossible for the page to remember whether you skipped the banner… so the result is that the banner will always show. - The real solution would be to have this be a browser / HTML standard. Similar to other permissions managed by the browser (like permission to get camera/mic, permission to send notifications, etc)… then each browser can have a way to respond to these requests for permission that we can more fully control/customize… with a UI owned by the browser that is consistent across websites and with settings that can be remembered browser-side (so the request can be automatically denied if that’s what you want). - The law only concerns cookies that are not strictly necessary to provide a service. - So the cookie to remember that you denied all non-necessary cookies could be seen as necessary and thus not require your consent. - @PumpkinSkink@lemmy.world said “reject all”, not “reject optional cookies” or “allow essential”. If the website offers a “reject all” button (which many do, even if that’s not mandated by the law), it actually does reject even the essential cookies. In my experience, the times I’ve chosen to press such a button it always results in the banner showing again if you refresh the page. - And “Could be seen as” is subjective too. They could argue that having the banner, even if inconvenient, does not really break the website. They can also easily argue that since the point of the law was to get them to request consent then they are actually being even safer in terms of compliance by asking more. - Also, I still would rather have the possibility of no banners, not even the first time I open the page. The configuration from the browser following the standard could set a default for all websites and potentially avoid the popup to begin with. 
Then the responsibility would be with the browser, not the website. - I still would rather have the possibility of no banners, not even the first time I open the page. - Oh that’s entirely possible, even with the current law as it is. All the developer has to do is to stop using cookies for anything that is not related to the functionality of the website. - But of course, the adtech bros won’t give up on their precious tracking, so they’d rather try and shift the blame with an empty argument along the lines of “Hey, the bad EU law is forcing us to bother you.” - Yeah, that’s why I’m saying that the current solution does not work. It’s why I was proposing a new standard that is enforced by law and that does not depend on subjective definitions of what’s “essential” so anyone who does only want to allow certain purposes can opt in/out of certain cookies without the hassle. 
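The disagreement in the thread above (whether a rejection can be remembered without tracking) and the earlier call to respect the Do Not Track flag, sketched as an added example that is not code from any commenter or site: the server stores only the visitor's choice in a strictly necessary cookie and treats `DNT: 1` as a rejection. The cookie name `consent`, the one-year lifetime, the function names and the rule that a stored choice takes precedence over the header are assumptions.

```javascript
// Added example; all names below are hypothetical, not from a real site.
const CONSENT_COOKIE = "consent";      // assumed cookie name
const ONE_YEAR = 60 * 60 * 24 * 365;   // assumed retention, in seconds

// Parse a Cookie request header into a plain object.
function parseCookies(header) {
  const out = {};
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i < 0) continue;
    out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Set-Cookie value that stores the choice itself and no identifier,
// so remembering a rejection does not require tracking the visitor.
function recordChoice(choice) {
  if (choice !== "accept" && choice !== "reject") {
    throw new Error("choice must be 'accept' or 'reject'");
  }
  return `${CONSENT_COOKIE}=${choice}; Max-Age=${ONE_YEAR}; Path=/; Secure; SameSite=Lax`;
}

// Decide what to do for one request, given its headers.
function decideConsent(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();

  // 1. A valid stored choice wins (assumption): no banner on later visits.
  const stored = parseCookies(h["cookie"])[CONSENT_COOKIE];
  if (stored === "accept" || stored === "reject") {
    return { showBanner: false, allowNonEssential: stored === "accept", setCookie: null };
  }
  // 2. No stored choice but DNT: 1 is sent: treat it as "reject", no banner.
  if (h["dnt"] === "1") {
    return { showBanner: false, allowNonEssential: false, setCookie: recordChoice("reject") };
  }
  // 3. Unknown or tampered value: ask, and deny non-essential cookies until answered.
  return { showBanner: true, allowNonEssential: false, setCookie: null };
}
```
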
 
 
 
 
 
- Problem is not the law, but that the companies implemented it in as annoying of a way as possible to get people pissed off about the law and force it to be dropped, or for what actually happened which is that it’s too much work to not opt-in to the cookies which essentially makes it opt-out not in. - And the idea to remove the requirements for “simple statistics” or whatever terminology they use will just get abused by using other illicit tracking tech to link the cookies to uniquely identify a person anyway. So it will effectively make the popups unnecessary in any circumstances and still allow tracking for marketing and surveillance. - Some websites do it right. They have a “reject all” button, and that’s that. But then there are others where you have to deselect a whole shit load of checkboxes just to reject the fucking cookies. Sometimes they even have a “Pay to reject” shit. WTF. Ugh. - That’s illegal. Report it to the government. Google got fined millions of euros just for making it two clicks on YouTube. 
 
- The law requires them to make a one button option to deny all. - Google got fined millions of dollars for making it two clicks. And then they changed it to one click “reject all” after that. - Right, but not all have fixed that. I still see lots of cases where I have to turn off several options individually. Though these could be sites outside of the EU jurisdiction, so they just don’t care, or sites that make enough money off of the tracking data, that the fines would be insignificant even if the EU were to get around to fining them. - And again the comment stands that it’s not the law, but the implementations that are bad. The law requires it to be simple, but that’s not what was implemented. - The fines are not insignificant. Report it to the government. 
 
 
- Ghostery is a fantastic Firefox plugin. No more stupid questions. 
 
- It’s funny, this is how you see how politicians act when they are personally involved. - Cookies and banners annoy the shit out of them, so they actually do something. - They don’t care about the internet. 
- Just make companies respect the do not track flag I can select in the browser. - Denmark (currently presiding over meetings in the Council of the European Union) suggested in May to drop consent banners for cookies collecting data “for technically necessary functions” - That already doesn’t require consent - or “simple statistics.” - Also doesn’t require consent, when the statistics are anonymous. 
- This is like one of the only banner type things I like. 
- The idea that there are “essential” cookies is what broke the law. There is no such thing, there are only cookies which would mildly confuse the average user if they weren’t present. People should still have the option to opt out of these cookies as well. - That is factually incorrect. Many websites would literally stop working. Not “mildly confuse”, but “be unusable”. - You ever logged in to a website? That’s a cookie. Ever used an online shopping cart? That’s a cookie. Ever changed a website’s language in a dropdown? That’s a cookie. - All these cookies are first party. There are also essential third party cookies for things like SSO (“sign in with google/Facebook/github/etc”) - Tell your browser to reject 100% of cookies and tell me how much fun that is. - “Legitimate Interest” is the bullshit term. Why does an ad company have a legitimate interest to my data? That should be removed from the law. - “Essential” is still very vague. All purposes should be categorized. If used for session/identity, then it should be categorized as “session/identity”, there should not be a category defined as “essential”. - You can also make a karaoke page that does not work without access to the microphone, but still the browser has a dedicated permission request for this, it does not get mixed up into a bucket of generic “essential” permissions only because that page doesn’t work without using the microphone. - There should be a whole HTML standard similar to the `Notification.requestPermission()` (which requests permission to send browser notifications), but with a granular set of permissions for storage of data for different purposes. - And this should be a browser standard, not a custom popup in the logic of the website itself that will be styled differently on each page, allowing all sort of anti-patterns. 
I should be able to control, from the browser, what the defaults should be for each individual category of data, without having to click through every single website I visit individually. The UI to request for consent should be controlled by the browser, not by the page. 
 
 
- 🍾 🎆 
- just use consentomatic plugin 
- This is like when legislatures were made to ban plastic straws by the oil and plastic companies. 
 They knew the backlash would teach legislature to stop meddling in their affairs.
- I can hear the lobbyists (both civil society and big tech, mainly the big tech ones) marching towards Brussels right now. This will be as heated as the Digital Markets Act. - Fighting is expected to flare up again next year, when the Commission wants to present an advertising-focused piece of legislation called the Digital Fairness Act. The executive has stated that the rulebook will help protect consumers online, including from manipulative design or unfair personalization. 












