Says the site that only offers one big button "accept" to its cookies :( :( There's no "Nope".
Edit: Weird, some people seem to have received more options than me. For me there was just one option to accept (Zustimmen) and nothing else. Everything was in German but I read German anyway. I was on mobile though, perhaps this is why? I can't see it again because I already pressed it.
A practice (pay or accept cookies) which was actually ruled in breach with GDPR but many German sites seem to do this somehow.
I agree with the criticism on Firefox but this is very hypocritical. Heise used to be a good company. I even used to subscribe to C'T and iX.
My current process for "modal asking any consent when I just jumped in the page and don’t have any certainty there is something there I am looking for" is
- does reader view toggle works? if yes, consult, end here
- am I really looking for some information that might be there? if "no I just clicked a link from somewhere on the internet", then end here
- still here? Hey, what about looking at the DOM, if the information looked for is not a simple small segment of text, there are good chances a few CSS/HTML tweak will reveal this. Got it? end here, though you might consider to automate this process with Greasemonkey if this domain often fall in your research.
- no luck so far? It’s ok, you know Internet is vast, there are plenty of other page to visit. WTF are you doing here anyway, don’t you have a job, hobbies and people to cherish? And what about a small walk, you look like you need some fresh air, you know?
I get a different banner - it's a huge square with a wall of German text that I can't understand. There are three buttons, also in German, and I have no idea which button to press. Guess I won't be reading the article.
These dark patterns will prevail. However, I honestly expect their reasoning to be "every single user reading heise.de should have a cookie banner blocking enabled in their Ad Blocker". Also, I think you can accept it for free when you click "Einstellungen", this is not golem.de.
they will not prevail, unless we collectively let them do so. they are already probably in breach of GDPR, and I don't see the EU backing down on this stuff.
Collectively? More people have no idea what the GSPR even is, what cookies are, what the question even means, and just randomly click a button.
The only way to get some collective action from 99.999% of web users, would be to get multiple high profile media personalities to endlessly, repeatedly tweet about it... along with a catchy jingle.
Users would still have no idea about anything privacy related, but maybe 10% would do as commanded by their idols.
But even then, it's a bit hypocritical writing an article slamming firefox for this at least allegedly privacy-sensitive adtracking. While requiring readers to consent to tracking from your however many ad partners :P
Having only "accept all" and say "configure", or even a highlighted "accept all" and a very small or even just unhighlighted "deny all" is against GDPR. IIRC:
- choices presented must have the same visual weight (e.g for buttons)
- there must be no default choice preselected (e.g for radio/toggles)
- the fallback when no choice is made (e.g a dismissal or a "failure to display" a.k.a bug or nag blocker) must be equivalent to deny all
Instead we get this mess because enforcement requires litigation from users and these companies make just enough to claim "oh we thought it was Ok plus we go through a off the shelf pluggable third party so not on us" plausible deniability.
> If the data subject's consent is to be
given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive
to the use of the service for which it is provided.
> Consent should not be regarded as freely given if the data subject has no genuine or free choice or is
unable to refuse or withdraw consent without detriment.
> Example 6a: A website provider puts into place a script that will block content from being visible except
for a request to accept cookies and the information about which cookies are being set and for what
purposes data will be processed. There is no possibility to access the content without clicking on the
“Accept cookies” button. Since the data subject is not presented with a genuine choice, its consent is
not freely given.
> 41. This does not constitute valid consent, as the provision of the service relies on the data subject clicking
the “Accept cookies” button. It is not presented with a genuine choice.
> The use of pre-ticked opt-in boxes is invalid under the GDPR. Silence or inactivity on the part of the data subject, as well as merely proceeding with a service cannot be regarded as an active indication of choice.
> In the digital context, many services need personal data to function, hence, data subjects receive multiple consent requests that need answers through clicks and swipes every day. This may result in a certain degree of click fatigue: when encountered too many times, the actual warning effect of consent mechanisms is diminishing.
> This results in a situation where consent questions are no longer read. This is a particular risk to data subjects, as, typically, consent is asked for actions that are in principle unlawful without their consent. The GDPR places upon controllers the obligation to develop ways to tackle this issue
Edit: Weird, some people seem to have received more options than me. For me there was just one option to accept (Zustimmen) and nothing else. Everything was in German but I read German anyway. I was on mobile though, perhaps this is why? I can't see it again because I already pressed it.
A practice (pay or accept cookies) which was actually ruled in breach with GDPR but many German sites seem to do this somehow.
I agree with the criticism on Firefox but this is very hypocritical. Heise used to be a good company. I even used to subscribe to C'T and iX.