Again, then why does the EU do this? Clearly its not simply about erroding confidence in GDPR if the EU is literally doing it themselves.

Besides, you seem to be confusing something.

GDPR requires explicit explanation of each cookie, including these 1000s of trackers. It in no way bans these. This is just GDPR working as intended - some people want to have 1000s of trackers and GDPR makes them explain each one with a permission.

Maybe it would be nice to not have so many trackers. Maybe the EU should ban trackers. Maybe consumers should care about granular cookie permissions and stop using websites that have 1000s of them because its annoying as fuck. But some companies do prefer to have these trackers and it is required by GDPR to confront the user with the details and a control.

> billion trackers ... dark patterns

Straw man argument.

The rule equally applies to sites with just one tracker and no dark patterns.

You don't need a cookie banner for authentication/shopping basket cookies, since these are essential.

However, you are still required to provide a list of essential cookies and their usage somewhere on the website.

I dont think you actually need a cookie for that, technically. But I take your point.

What about trackers which they want to set immediately on page load? Just separate prompts for each seems worse than 1 condensed view. You might say "but trackers suck - I don't care about supporting a good UX for them" and it would be hard to disagree. But I'm making the point that its not malicious compliance. It would be great if people didn't use trackers but that is the status quo and GDPR didn't make theme illegal. Simply operating as normal plus new GDPR compliance clearly isnt malicious. The reality is cookie banners everywhere was an inevitable consequence of GDPR.

you CAN use analytics! Just need to use first party analytics... it is not so hard to set up, there are many opensource self-hosted options.

I hate how everyone and their mother ships all my data to google and others just because they can.

In terms of whether or not the ubiquity of cookie banners is malicious compliance or if it was an inevitable consequence of GDPR, it doesnt matter if trackers are good or necessary. GDPR doesn't ban them. So having them and getting consent is just a normal consequence.

We can say, "Wouldn't it have been nice if the bad UX of all these cookies organically led to the death of trackers," but it didn't. And now proponents of GDPR are blaming companies for following GDPR. This comes from confusing the actual law with a desired side effect that didn't materialize.

OK sounds great.

But some companies prefer to have trackers. They are required by GDPR to explain each cookie and offer a control for permissions. They probably had trackers before GDPR too. So how is that malicious compliance? They are just operating how they did before except now they are observing GDPR.

It sounds like maybe you just want them to ban trackers. Or for people to care more about trackers and stop using websites with trackers (thereby driving down trackers) Great. Those are all great. But none of them happened and none of that is dictated by GDPR.

This very article is about how we're getting a central browser control, and your comment was "can we finally get a central browser control instead?".

Only in very simple ways.

Realistically, you want to know things like, how many users who looked at something made a purchase in the next 3 days? Is that going up or down after a recent change we made?

Many necessary business analytics require tracking and aggregating the behavior of individual users. You can't do that with server logs.

Not for the amount of stuff on the web now that is client-side rendered.

uBlock blocks most of those for me lately.

You can fix that. I use an extension called "I don't care about cookies" that clicks "yes" to all cookies on all websites, and I use another extension* that doesn't allow any cookies to be set unless I whitelist the site, and I can do this finely even e.g. to the point where I accept a cookie from one page to get to the next page, then drop it, and drop the entire site from even that whitelist when I leave the page, setting this all with a couple of clicks.

* Sadly the second is unmaintained, and lets localStorage stuff through. There are other extensions that have to be called in (I still need to hide referers and other things anyway.) https://addons.mozilla.org/en-US/firefox/addon/forget_me_not.... I have the simultaneous desire to take the extension over or fork it, and the desire not to get more involved with the sinking ship which is Firefox. Especially with the way they treat extension developers.

https://addons.mozilla.org/en-US/firefox/addon/cookie-autode... does a similar thing.

There could be an extension to block the banners, too. I think uBO has a feature to block certain CSS classes?

The website wouldn’t inform you about which cookies are doing what. You wouldn’t have a basis to decide on which cookies you want because they are useful versus which you don’t because they track you. You also wouldn’t be informed when functional cookies suddenly turn into tracking cookies a week later.

The whole point of the consent popups is to inform the user about what is going on. Without legislation, you wouldn’t get that information.

Because it's not like the browser has two thousand cookies per website, it only has one and then they share your data with the two thousand partners server-side. The government absolutely needs to be involved.

Not all cookies are bad for the user, for instance the one that keeps you logged in or stores the session id. Those kind were never banned in the first place.

Blocking cookies locally doesn't allow you to easily discriminate between tracking and functional cookies. And even if the browser had a UI for accepting or rejecting each cookie, they're not named such that a normal user could figure out which are important for not breaking the website, and which are just for tracking purposes.

By passing a law that says "website providers must disambiguate" this situation can be improved.

If there's no regulation, nothing stops a website from telling hundreds of third-party entities about your visit. No amount of fiddling with browser settings and extensions will prevent a keen website operator from contributing to tracking you (at least on ip/household level) by colluding with data brokers via the back-end.

Of course, let ME decide if I want to keep fdfhfiudva=dsaafndsafndsoai and remove cindijcasndiuv=fwíáqfewjfoi. I know best what those cookies do!

Because it's not about cookies. Ad trackers shouldn't store my precise geolocation for 12 years for example: https://x.com/dmitriid/status/1817122117093056541

No it doesn't. A website's own preferences fall under the 'necessary for site functionality" exception.

Besides how many sites actually have this as the only reason for cookies? Every time I get a new cookie banner I check it and there's always lots of data shared with "trusted partners". Even sites of companies that purely make money off their own products and services and shouldn't need to sell data. Businesses are just addicted to it.

The only provision I like is that they may only ask once every 6 months. However personally I wish that they'd make it a requirement to honour the do not track flag and never ask anything in that case. The common argument that browsers turn it on by default doesn't matter in the EU because tracking should be opt-in here anyway so this is expected behaviour. The browsers would quickly bring the flag back if it actually serves a purpose.

I'll keep blocking all ads and tracking anyway.

The implementors of the banners did it in the most annoying way, so most users will just accept all instead of rejecting all (because the button to reject all was hidden or not there at all), check steam store for example their banner is non intrusive and you can clearly reject or accept all in one click.

The law wasn't poorly written, most websites just don't follow the law. Yes, they're doing illegal things, but it turns out enforcement is weak so the lawbreaking is so ubiquitous that people think it's the fault of the law itself.

people intentionally made the banners annoying or tried to make the reject button smaller / more awkward so that they could keep tracking.

Definitely a failure of enforcement, but let's not pretend that was good faith compliance from operators either

I'd settle for companies obeying the letter of the law. They don't do that either.

> Attempts at "compliance" made the web browsing experience worse.

Malicious compliance made the web browsing experience worse. That and deliberately not complying by as much as sites thought they could get away with, which is increasing as it becomes more obvious enforcement just isn't there.