> "The announcement says it wants to "protect consumers", but it changes user tracking from opt-in to opt-out... "
The cookie-blocking features in modern browsers (except Chrome, probably, haha) effectively make tracking opt-in anyway, don't they? The cookie pop-ups are pretty redundant today.
Not to suggest that this makes all the down sides of Brexit worthwhile, but it does make me happy that this can now be addressed. Cookie popups seriously harm the usability of the web and have been one of the most highly visible and ill-conceived pieces of EU legislation.
I guess anti-GDPR won. So-called "Cookie popups" are about so much more than cookies. Looks like anti-GPDR marketing managed to make even technically-literate people unaware of their rights.
If you're using a menstruating-cycle app, GPDR will protect you against the app owner publicizing your name that you're pregnant, and thus protect you against anti-abortion mobs, if you wish to abort. A cookie banner wouldn't do that. Because GPDR is NOT about the cookies.
If we were to speak exclusively about tracking (which is, again, a very very small part of GPDR), even simply dismissing as a browser-side "feature" is yet another brainwashing win from anti-GPDR marketing. The number of ways to track people in a browser is infinite. From canvas rendering, to DRM, from cache leakage to window size. Hell, even the GPDR banners explicitly say so! Most GPDR banners now contains an option to allow site owner to fingerprint your browser to track you.
Considering the way we went with browsers (was it right adding so many features? I don't know. But the effects are there), we CAN NOT put this on browsers, it is technically impossible. If Google wants to prove the world that it is possible, fine, I'll grab popcorn. But at the moment they are not even trying.
So no, history has proven again and again that those privacy issues can not be handled technically. Only through regulation can privacy be preserved.
I think the really crazy thing about the cookie banner stuff is that it’s actually nothing to do with GDPR: it’s almost entirely about the ePrivacy Directive of 2002. Yes, 2002. (At that time it was opt-out, but you still had to disclose clearly; in 2009, it was revised to opt-in, and there was again very minor fuss but not much compliance.) It’s just that most people didn’t do much about it until GDPR came along, and then people conflated the two.
> "If you're using a menstruating-cycle app, GPDR will protect you against the app owner publicizing your name that you're pregnant, and thus protect you against anti-abortion mobs, if you wish to abort. A cookie banner wouldn't do that. Because GPDR is NOT about the cookies."
Absolutely. I'm not arguing against GDPR, which includes many important rights and protections that don't have much to do with cookies. I'm arguing against intrusive and pointless cookie pop-ups.
> The cookie-blocking features in modern browsers (except Chrome, probably, haha) effectively make tracking opt-in anyway, don't they?
Browsers are generally only working on stopping cross-site tracking, but cookie banners are needed even for first-party cookies (ex: local telemetry, shopping carts).
You do for the way shopping carts are usually implemented. Say you put something in your cart, close the browser, and reopen it the next day. On basically all sites, the item is still in your cart, but that requires cookie consent because it isn't "strictly necessary in order to provide an information society service explicitly requested by the subscriber or user".
I agree with the interpretation that you can just leave it in the cart forever.
Mechanically if you add something into a physical shopping cart it will remain there forever until you take it out. But legally the pdf has the claim "a merchant could set the cookie either to persist past the end of the browser session or for a couple of hours" [1] and to me that means indefinitely or a few hours.
Yes, but usually cross-site tracking is the creepy stuff that people are concerned about. I don't have much of a problem with first-party cookies, personally, but some browsers (Firefox) are now offering "Enhanced cookie clearing", which can automatically clear first-party cookies at the end of each session, configurable per site.
And every browser offers a private browsing mode which is more or less the same effect.
The cookie-blocking features in modern browsers (except Chrome, probably, haha) effectively make tracking opt-in anyway, don't they? The cookie pop-ups are pretty redundant today.
Not to suggest that this makes all the down sides of Brexit worthwhile, but it does make me happy that this can now be addressed. Cookie popups seriously harm the usability of the web and have been one of the most highly visible and ill-conceived pieces of EU legislation.