If the industry didn't want cookie popups, perhaps they should have respected the DNT header[1].
It's really simple, you'll get no more cookies ever. That tracking vector is totally disabled and you have full control over it. There's absolutely no need for a cookie banner for a person to be free of cookies.
https://support.mozilla.org/en-US/kb/block-websites-storing-...
Didn't work, instead many more people (at least here in EU) are now aware how bad the spying has become.
If you would refrain from sharing that info, you wouldn't need to ask for consent. There is no law that asks for cookie popups.
Still, the GDPR obviously had some "bugs" which let companies get away with basically showing you "we're tracking you, click OK". Which is a waste of time for the companies and users and doesn't improve users' privacy in any way. So, it was a faulty law that caused damages.
But there is also the e-privacy directive (older than GDPR) that does require a cookie popup for any cookie not strictly required to deliver the service. Regardless of whether it tracks PII. So this also applies if for example you only want to know whether someone is a returning visitor or a new visitor without storing any identifier.
They not only do some shoddy attempt of malicious compliance, they don't even do it actually right, for example EU law says if you have an accept all button, you must have a reject all button, but they don't do that.
Also the law doesn't give an exception for "legitimate interest", yet when you open their menu to disable manually everything (that by the law, should be disabled by default, except cookies essential to keep the site working), they have a bunch of random tracking cookies enabled because it is "legitimate interest". I think the only reason they weren't sued out of existence yet, is because it is a US company, thus they don't have to actually follow EU laws or something. (or they act like that, at least, I am not a lawyer).
EDIT: LinkedIn link to the offending company: https://www.linkedin.com/company/getadmiral/
The EU essentially mandated popups.
There are times when a feature is used in a way which was not intended by the developers. Now do the developers have to publish their test scenarios?
What if the bug is in a 3rd party library? Add to it the complexity of open-source code.
It will probably be similar to when a physical product is defective because of a faulty 3rd party component.
More importantly, as a professional software developer, the testing of my product should find problems in 3rd party components. If I chose poorly and the 3rd party component doesn't do what it's supposed to do, that's my responsibility. I can't just slough it off onto someone else.
Does that mean that say a security vulnerability in OpenSSL is a responsibility of all software which uses it? I think it's unreasonable to expect software projects/products to find things like Heartbleed.
What about bugs in kernel/OS? How much user-mode software can find bugs in kernel/OS?
Why do directives even exist? Because the legal landscape can be widely different between EU countries. Directives give every country flexibility in implementing them in a way that is consistent with the way their laws work, existing precedents, etc. The downside is obviously that the implementations will somewhat differ from country to country.
This means that unless the implementations between countries are fairly consistent, the definition of what working as intended means will vary from country to country.
It's not a bad first approximation to expect courts in EU to be very sensible and fair.
I think the vendor will need to be a lot more clear about what the supported use case is; and what use cases aren't supported.
By that I mean, in order to use any software product, you will need to phone home and what you do is logged on a server. This way, the vendor may be able to find a way to blame you for a violation.
All software is covered, sold, licensed, embedded, rented.
Even the cloud services tied to products are covered.
With this, maybe that option will be gone, companies can blame the EU for requiring an internet connection and the user is stuck being logged/spied on agreeing to this via an EUL.
When a product is repaired and upgraded outside the original manufacturer’s control, the company or person that modified the product should be held liable.
Will we see companies sue repair shops or compatible component manufacturers in order to prevent potential injury to their customers? Interesting times.
But conversely: Should the original manufacturer be responsible if somebody installs hacked-up "performance" software in a car?
Of course not!
In EU I've heard more about ransomware in general and the behavior of Microsoft and Oracle in license negotiations and "audits" in particular.
But the overall tenor is that politicians have had it up to here with the IT industry's "What me worry?" attitude to quality, responsibility and liability.
CMIIW, but this appears to be an attempt to clarify who is at fault when a device malfunctions due to a software issue and allow a manufacturer in Czechia to use software from Poland without dealing with differences between Czech and Polish laws and regulations over software.
The gist is, there are about ~30 countries that have their own laws and regulations (the exact number differs because it's not just an EU-only thing) and EU swoops in, makes up a regulation and tells all the member states and associated countries to align their laws and regulations with the EU stuff and you end up with 30 or so countries that have about the same laws and regulations instead of 30 very different laws and regulations. As a result, you don't have to deal with the laws of 30 countries - at least that's the idea but AFAIK EU is not unified enough to make this as smooth as desired - yet.
FOSS exemption but only for "outside commercial activity" - whatever that will mean.
I guess that guy in Nebraska is safe, but not so sure about my own one-man company.
The EU regulatory bureaucracy on tech, like all bureaucracies, does nothing but serve its own cancerous expansion.
Can't this wording easily be interpreted that commercial entities publishing open source software counts as a commercial activity? Wouldn't that kill corporate sponsored open source overnight? You could even argue Red Hat (IBM) would be responsible for every user of any of their Linux kernel patches/services no?
If not, what does this wording actually apply to?
I'm not convinced that my one-man company is, since I derive most of my income from FOSS software.
But that seems quite fair to me.
Your total liability went to infinity overnight (in 2026 anyways).
>I'm not convinced that my one-man company is, since I derive most of my income from FOSS software.
It's a bit of a problem that it's hard to even tell as well.
2. […] an economic operator shall not be exempted from liability where the defectiveness of a product is due to any of the following, provided that it is within the manufacturer’s control: (a) a related service; (b) software, including software updates or upgrades; (c) a lack of software updates or upgrades necessary to maintain safety; (d) a substantial modification of the product.
Not sure if (a) or (d) would be more applicable, but I think it would be covered?
In USA, win or lose, each party pays their own lawyer.
This is why USA has lawyers often work on "contingency" where they nominally work for free, but receive a large fraction of any settlement or award if the case is won.
In the rest of the world, and specifically in EU where this applies, the loser pays the winner's (reasonable) legal fees.
Not saying that lawyers are not greedy in EU, but not in the way USAnians are used to think about lawyers.
So no: This is genuine consumer protection.
As a result, software companies are incentivized to make software full of hardly-used features with limited testing; because there are no consequences when software doesn't do what the claim is.