I wish there was a browser option "I don't care about being tracked" and that would get rid of all cookie banners (and, more often than not, full page popups).
This EU law comes from a good idea, but it's terribly implemented - it implies that everybody out there is a lawyer and can make sense and agree on multiple pages of confusing legalese, and this every time they open a new website. This is so absurd, and the result is that we're trained to click "ok" on everything and we're tracked all the same. Back where we've started but with more popups.
Also, it isn't the law that has been terribly implemented, although that could be argued as well, but rather the fault lies with the companies that do not want to abide by the law.
There are a few easy ways to check if a website is breaking the law:
- Is it as easy to say "no" to the consent as it is to say "yes"? If not, it's not legal, as the consent is not freely given.
- Is the website setting tracking cookies, or tracking you in some other way, before you have made your choice about the consent? If it is, it's not legal, as the consent must be opt-in not opt-out.
- Is it confusing? Then it's probably not legal, as the consent must be informed.
- Is there a button to "accept all" with no clear list of what you're accepting? Then it's not legal, as the consent must be specific and unambiguous.
Don't you think, that the implementation of the opt out process is what is actually flawed? The law doesn't require you to throw this popup at your users. You can just set the cookies that are techincally required and explain their function in you statement about data usage.
If you want to track people, you can then ask for their consent in some nice, locally served banners, where normally you privacy intruding ad networks would put their third party javascript.
I too find it quite annoying. The other issue is that sometimes the banners do not properly work with various aids for disability and keyboard-operated browsers.
There is the "Do not track" option, but as I understand it's ignored by most websites. That's why I wouldn't mind a "Do what ever you want" option, and in exchange popups are removed.
That's how it was before and I'm not certain that it caused that much harm. Users can always block ads and third-party cookies anyway if they wish to do so.
The EU law does not require these multiple pages of legalese. Not even a little bit.
In fact it says "it shall be as easy to withdraw as to give consent".
So you shouldn't attribute complexity to the EU law, when the law actually insists on simplicity.
It's a myth that the GDPR requires complex forms, or even just banners. One that website operators (mainly 3rd party advertisers and trackers who provide the banners/popups to sites) would like you to believe.
A genuine GDPR-compliant banner/popup is much simpler.
In fact you can make a GDPR-compliant site without any banner/popup/form at all, while still using cookies, logins, shopping carts and analytics etc. You just need to do it in a privacy-respecting way, which isn't hard.
The complexity is website operators attempt to half-comply and half-violate the law, frustrate and arm-twist users into something most people would not agree to if it was easy to decline. The obnoxious complexity is deliberate, to annoy and frustrate you so that you give in to the "easy" option they very much want you to "choose".
This EU law comes from a good idea, but it's terribly implemented - it implies that everybody out there is a lawyer and can make sense and agree on multiple pages of confusing legalese, and this every time they open a new website. This is so absurd, and the result is that we're trained to click "ok" on everything and we're tracked all the same. Back where we've started but with more popups.