Not a radical idea. The EU is already working on it.
> […] the Commission is pondering how to tweak the rules to include more exceptions or make sure users can set their preferences on cookies once (for example, in their browser settings) instead of every time they visit a website.
DNT header already does this. Explicit denial of consent. Reaches their servers before everything else so they have no excuse and zero room for maneuvering.
Now the EU just needs to turn it into an actual liability for corporations. Otherwise it will remain as an additional bit of entropy for tracking.
They can't. The website may very well do the opposite of the preference DNT signals. Meanwhile, proving in a court of law that the tracking still happens will be hard.
Services should be denied the capacity to track and fingerprint, not just told about a preference against it.
DNT will always be an "evil bit", regardless of any law behind it.
> They can't. The website may very well do the opposite of the preference DNT signals. Meanwhile, proving in a court of law that the tracking still happens will be hard.
Its not hard when it comes to any website of note, large companies can't easily hide what their computers are doing really, if they have code that tracks people it is gonna be found.
DNT is considered deprecated in favor of GPC, which has legal backing in places with internet privacy laws. Funnily, Chrome still supports DNT but you need an extension to send a GPC header. Almost like the advertisement company wouldn't want people enabling legal privacy protections.
GPC compliance is already the law in California. I don’t know why the EU has been so slow at making it legally binding. That said, existing cookie popups that don’t have “Reject All” as prominently placed as “Accept All” are already illegal but widespread, in no small part due to deliberate sabotage by the Irish DPA, so don’t expect GPC compliance to fare any better until consumer rights associations like NOYB.eu are allowed to initiate direct enforcement actions.
The fact that it was turned on by default in edge really hurt it as an argument under these laws, because it then turned into a 'well we don't know the user actually selected this' thing. Making it explicitly have the force of law regardless would still be a good thing, though.
No, this wrong. The law says that by default you can't process personal data, unless the user gave consent. That setting matched both the expectation of users and the default as specified by the law.
The story that advertisers don't know what users selected and that somehow allows them to track the user is disingenous.
It doesn't allow them to track, but it does allow them to more convincingly argue that they can nag them about it (I think some regulators in some EU countries have rejected this, but I don't think this is universal). i.e. it makes it ineffective as a means of stopping the annoying pop-ups. Because the companies are basically belligerent about it there needs to be a clear declaration of 'if this header is set you may not track _and_ you may not bug the user about it'
If the user has already indicated that they don't consent by setting the header, you don't ask. If they want to change, make it available as a setting.
(and frankly, the number of users that actively want to consent to this is essentially zero)
Hence why I think the default hurt the initiative. And the header could be set on a per-domain basis, if you wanted that for some reason. I'm curious, why do you consent on such pop-ups?
Because it offers a better experience. The cookies are not pointless to the experience and you need all of them to have the full experience. The legal definition about what cookies are needed does not match reality.
What parts of the experience do you feel are missing if you do not consent to tracking? I have seen one or two cases of malicious compliance where rejecting tracking results in no state being kept, including having rejected it. Keep in mind that the legal definition is based on things that would not be reasonably expected to be kept or distributed in order to provide the service that the user is getting, you can do basically everything except targeted ads or selling user data under that definition, even if people who want to do the above are trying to pretend otherwise.
Targeted ads are part of the experience. They directly affect user satisfaction of the product. Relevant ads can increase user engagement. You may find it strange, but people prefer products with relevant ads.
People prefer products without ads at all. Ads are noise. People's brains literally learn how to filter them out via banner blindness.
People always comment that the internet is "so much nicer" after I install uBlock Origin on their browsers. It's just better, they can't explain why. They don't need to. I know why.
The fact is nobody wants this crap. Ads are nothing but noise in our signal. They're spam. They're content we did not ask for, forced upon us without consent. They do not improve the "experience", at best its impact is minimized.
I always consent as well. They can show much more relevant ads when you consent to cookies. If I block cookies I get generic ads about stuff I don't care about.
Ah, I can't think of any level of relevance that would make me want to see ads, and in areas where I do want to see something, like recommendation systems, I've found that they are better when they are only based on the content I am currently looking at as opposed to based on some profile based on my whole history.
The popup never lets you choose to see fewer ads. It's a common misconception by lay people that you will see fewer ads if you block cookies, but that's not happening of course. So you may as well get relevant ones.
Just today I got an ad for a new theater show in town I'd like to see, I might have missed that if it wasn't for the targeted ad. Did they "manipulate" me into seeing it? I guess so. Do I mind? No, I'm capable enough to decide for myself.
Recipe blogs are mostly "corporations" even if small ones. Most things you find at the top of Google search results aren't just enthusiastic individuals sharing their personal ideas with you but businesses who work hard to make sure you go to their websites rather than better ones.
Counteropinion: agile laws would be absolutely terrible. Either people wouldn't take them seriously because they're going to change in a few minutes anyway, or people would take them seriously and be bound by law by the equivalent of late-night untested code that seemed like it should work.
> […] the Commission is pondering how to tweak the rules to include more exceptions or make sure users can set their preferences on cookies once (for example, in their browser settings) instead of every time they visit a website.
https://www.politico.eu/article/europe-cookie-law-messed-up-...