undefined | Better HN

0 pointsAngostura5y ago0 comments

b) the cookies are for marketing, which means you must be able to decline without consequences

Nope - 'decline' has to be the default assumption for GDPR compliance. You only need the banner if you want people to opt in.

0 comments

8 comments · 2 top-level

imiric5y ago· 6 in thread

That doesn't prevent dark UI patterns to highlight "Accept" and hide "Reject" as much as possible, or not having a "Reject all" button. Some sites deliberately make you manually click on "Reject" for each "ad partner", at which point I bail out or disable JS or scrape the text if I'm really interested in the content.

The web of 2020 has become a hostile and ad infested place. I miss the simplicity of the 90s, but it might be nostalgia bias.

enriquto5y ago

> That doesn't prevent dark UI patterns to highlight "Accept" and hide "Reject" as much as possible

I giggle every time I find this dark pattern thinking it is the modern equivalent of the ballots for the Austrian Merging referendum of 1938 [1]

[1] https://en.wikipedia.org/wiki/1938_Austrian_Anschluss_refere...

mattrick5y ago

To be fair the web of the early 2000s was full of ads too. I remember a time when people still used Yahoo as their homepage which was basically just a giant ad delivery platform with even more invasive ads than we have today. That's not to say that today is much better. It seems like most sites today try to walk the line between ad revenue and user retention.

marcosdumay5y ago

Yes, it was full of ads, but not tracking. Some ads were targeted to the sites they were displayed, and not to the person reading it.

mattmanser5y ago

The new dark pattern is to default everything off, but then have a separate switch labelled "legitimate reasons", which are all turned on for default.

For example https://www.telegraph.co.uk/ (right wing UK newspaper). In the pop-up it says "You can also review where our partners claim a legitimate interest to use your data and, should you wish, object to them doing so.".

If you click manage it opens with "user consent" selected, where everything is turned off. Click save means they're not going to start tracking you, right?

Wrong, if you switch to "legitimate purpose", you'll see that everything is turned on. All those ad companies claim they have a legitimate purpose to be tracking you, even though you have zero business relationship with them.

Unless the ICO hands out some very heavy fines to those companies, the whole thing's become a farce, just like the cookie law was.

MaxBarraclough5y ago

These dark patterns are very widespread, and are even seen on generally reputable websites like TomsHardware, but are they actually GDPR compliant?

GDPR enforcement is approximately zero, to my knowledge, so I don't know if there's even really an answer to the question.

For what it's worth, Wikipedia gives the impression no-one really knows. https://en.wikipedia.org/wiki/General_Data_Protection_Regula...

lmkg5y ago

Several regulators have made unambiguous statements that they are not compliant. However, they are not very high on the enforcement priorities.

ICO, the UK regulator, seems to take a dim view of dark patterns, but they're only outright banned for children's content: https://ico.org.uk/for-organisations/guide-to-pecr/guidance-...

(PDF) Irish DPA's sweep of thirty-odd websites under its jurisdiction. Lots of good guidance here, but for the point specifically under discussion, ctrl+f "nudge." https://www.dataprotection.ie/sites/default/files/uploads/20... by the DPC on the use of cookies and other tracking technologies.pdf

(PDF) English translation of Greek DPA cookie guidance. See in particular the last page, "Bad Practices." https://iapp.org/media/pdf/resource_center/Greek_DPA_Cookie_...

ATsch5y ago

That's true, but in the context of a popup this means you must be able to deny or dismiss it without consequences.

j / k navigate · click thread line to collapse