Leave it to the browser to opt out of cookies
Any website following GDPR guidelines presents annoying preference options regarding which cookies the user wishes to accept. Some sites categorize the cookies from "cookies needed for functionality" all the way to "third party advertiser cookies"
I'd like to be able to pre-define what kind of cookies to accept in my browser.
Since most content providers won't like the approach I think it might have to be legislated, since most users would probably opt for "cookies required for functionality"
16 comments
[ 1.7 ms ] story [ 35.8 ms ] thread> Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject's acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject's consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.
This is something that sounds good in theory, but in practice may be counterintuitively a bad solution that makes people less safe when you take into account how UX and human nature works.
Most people don't read these forms. You're training people to instinctively click on any clickable buttons they see on page load to make the annoying banners go away as fast as possible. It's much easier for shady characters to get people to give up some permission that actually matters in this environment or agree to something awful that might actually harm them.
This is doubly a problem on mobile, where the limited screen size means that you can't see anything unless you click on the shiny banner button.
> And as an user you should be annoyed and seek websites that respect you better.
To me, real respect means not wasting my time doing busy performative theater.
However people choose to deal with cookies is a problem that should be handled on the browser level, not with every website trying to write their own explanation and have some cookie management consent form.
Also, what you describe sounds a bit like the “do not track” failure.
It is really weird seeing people apologize for this clunky piece of legislation. "That's how it is supposed to be: a qualitative step down all across the internet."
You know what people do to get around this trashfire? They install adblockers.
The legislation could be improved of course, but personally I think these consent forms are fine. And it tells me immediately which website “value my data“.
> Any website following GDPR guidelines presents annoying preference options regarding which cookies the user wishes to accept.
That's not true. If a website wants to spy on you, it needs your consent. GDPR doesn't require websites to spy on you, that's 100% on the owners of the website.
Also, GDPR is not only about cookies, it is about tracking in general. For example, collecting IP address and device fingerprint is also considered tracking, although it doens't use cookies.
The GDPR does not require consent for cookies.
HOWEVER, if you are using those cookies to track or spy on me (advertisers take a bow) then you need to ask my explicit permission to do so. And so you should.
(Take away your scummy business model, and you remove the need for cookie banners).
The scummy business model used by advertisers is to deliberately make it inconvenient to opt out of their tracking.
All that is needed by GDPR is a simple 'tick yes' to opt in to tracking if you wish to be tracked or personally identified. (No need to ask permission for 'ordinary' cookies).
You should ask yourself why you are doing business with companies with such as shady business model.
The inability to easily reject tracking cookies is not a technical problem. It's a problem of lobbying and malicious compliance by megacorporations living off web surveillance. They will subvert (P3P), ignore (DNT), or replace (FLoC) every technology that makes it easy to reject tracking cookies. They will fight every law and smear every institution that tries to mandate use of any easy tracking-rejecting technology.