undefined | Better HN

0 pointselondaits2y ago0 comments

Cookie consent popups are not mandated by the GDPR (the EU privacy law), they’re just a stupid (and often infringing) reaction to it.

The GDPR disallows tracking without consent, but more in the spirit of “don’t track” than “get consent”. It also specifies that conditions should be clear, and that not granting consent (or withdrawing it) should be as simple as granting it. It even specifies that sites that request private information from kids should be clearer, because they need to understand what they’re accepting even if their guardians will provide the consent.

0 comments

2 comments · 1 top-level

orangecat2y ago· 1 in thread

Cookie consent popups are not mandated by the GDPR (the EU privacy law), they’re just a stupid (and often infringing) reaction to it.

They're an entirely rational and predictable reaction to it. If you're trying to regulate bad actors, it should be utterly unsurprising when they game the easily gameable rules.

The GDPR disallows tracking without consent, but more in the spirit of “don’t track” than “get consent”.

Then it should actually ban tracking, without the loophole of "you can track as long as you get the user to click a button, also you can't offer them anything in exchange for doing so". That's just asking for all the dark patterns we've gotten.

TeMPOraL2y ago

> They're an entirely rational and predictable reaction to it.

The problem isn't that. The problem is that people are being convinced that malicious compliance is somehow the EU's fault. This is clearly the bad actors being bad; the thing that's being gamed isn't GDPR, but publicity around it. As in, the EU should probably invest some money in naming and shaming actors complying in bad faith (if at all).

j / k navigate · click thread line to collapse