| ▲ | nonethewiser 5 hours ago |
| How can you comply with the current requirements without cookie banners? Why would EU governments use cookie banners if they are just nonsense meant to degrade approval of GDPR? |
|
| ▲ | Neikius 4 hours ago | parent | next [-] |
| By not tracking and setting any third party cookies. Just using strictly functional cookies is fine, just put a disclaimer somewhere in the footer and explain as those are already allowed and cannot be disabled anyway. |
|
| ▲ | BadBadJellyBean 4 hours ago | parent | prev | next [-] |
| By not putting a billion trackers on your site and also by not using dark patterns. The idea was a simple yes or no. It became: "yes or click through these 1000 trackers" or "yes or pay". The problem is that it became normal to just collect and hoard data about everyone. |
| |
| ▲ | nonethewiser 4 hours ago | parent | next [-] | | Again, then why does the EU do this? Clearly its not simply about erroding confidence in GDPR if the EU is literally doing it themselves. Besides, you seem to be confusing something. GDPR requires explicit explanation of each cookie, including these 1000s of trackers. It in no way bans these. This is just GDPR working as intended - some people want to have 1000s of trackers and GDPR makes them explain each one with a permission. Maybe it would be nice to not have so many trackers. Maybe the EU should ban trackers. Maybe consumers should care about granular cookie permissions and stop using websites that have 1000s of them because its annoying as fuck. But some companies do prefer to have these trackers and it is required by GDPR to confront the user with the details and a control. | | |
| ▲ | 3 hours ago | parent | next [-] | | [deleted] | |
| ▲ | pseudalopex 4 hours ago | parent | prev [-] | | > Besides, you seem to be confusing something. No. You asked How can you comply with the current requirements without cookie banners? Not How can you have trackers and comply with the current requirements without cookie banners? And don't use dark patterns would have answered this question as well. | | |
| ▲ | nonethewiser 4 hours ago | parent [-] | | >No. You asked How can you comply with the current requirements without cookie banners? Within the context of the discussion of if its malicious compliance or a natural consequence of the law. Obviously you could have a website with 0 cookies but thats not the world we live in. Maybe you were hoping GDPR would have the side effect of people using less cookies? It in no way requires that though. I mean just think of it this way. Company A uses Scary Dark Pattern. EU makes regulation requiring information and consent from user for companies that use Scary Dark Pattern. Company A adds information and consent about Scary Dark Pattern. Where is the malicious compliance? The EU never made tracker cookies or cookies over some amount illegal. | | |
| ▲ | pseudalopex 3 hours ago | parent [-] | | > Within the context of the discussion of if its malicious compliance or a natural consequence of the law. You ignored I said don't use dark patterns answered the question you meant to ask. > Obviously you could have a website with 0 cookies but thats not the world we live in. Maybe you were hoping GDPR would have the side effect of people using less cookies? We were discussing trackers. Not cookies. > I mean just think of it this way. Company A uses Scary Dark Pattern. EU makes regulation requiring information and consent from user for companies that use Scary Dark Pattern. Company A adds information and consent about Scary Dark Pattern. I will not think of it using an unnecessary and incorrect analogy. And writing things like Scary Dark Pattern is childish and shows bad faith. > Where is the malicious compliance? The EU never made tracker cookies or cookies over some amount illegal. The malicious compliance is the dark patterns you ignored. Rejecting cookies was much more complicated than accepting them. Users were pressured to consent by constantly repeating banners. The “optimal user experience” and “accept and close” labels were misleading. These were ruled not compliance in fact.[1] But the companies knew it was malicious and thought it was compliance. Ignoring Do Not Track or Global Privacy Control and presenting a cookie banner is a dark pattern as well. [1] https://techgdpr.com/blog/data-protection-digest-3062025-the... |
|
|
| |
| ▲ | tantalor 4 hours ago | parent | prev [-] | | > billion trackers ... dark patterns Straw man argument. The rule equally applies to sites with just one tracker and no dark patterns. |
|
|
| ▲ | hdgvhicv 4 hours ago | parent | prev | next [-] |
| By not setting a cookie until the user does something active when I then tell them (say on “log in” or “add to basket”. |
| |
| ▲ | watermelon0 3 hours ago | parent | next [-] | | You don't need a cookie banner for authentication/shopping basket cookies, since these are essential. However, you are still required to provide a list of essential cookies and their usage somewhere on the website. | | |
| ▲ | phendrenad2 an hour ago | parent [-] | | This. I don't know why there's a heavy overlap between the "GDPR didn't go far enough" people and not actually reading the GRPR. I'd think they would overlap a lot with people who actually read it. |
| |
| ▲ | nonethewiser 4 hours ago | parent | prev [-] | | I dont think you actually need a cookie for that, technically. But I take your point. What about trackers which they want to set immediately on page load? Just separate prompts for each seems worse than 1 condensed view. You might say "but trackers suck - I don't care about supporting a good UX for them" and it would be hard to disagree. But I'm making the point that its not malicious compliance. It would be great if people didn't use trackers but that is the status quo and GDPR didn't make theme illegal. Simply operating as normal plus new GDPR compliance clearly isnt malicious. The reality is cookie banners everywhere was an inevitable consequence of GDPR. |
|
|
| ▲ | vouwfietsman 4 hours ago | parent | prev | next [-] |
| > Why would EU governments use cookie banners They generally don't, because you don't need banners to store cookies that you need to store to have a working site. In other words, if you see cookie banner, somebody is asking to store/track stuff about you that's not really needed. Cookie banners were invented by the market as a loophole to continue dark patterns and bad practices. EU is catching flak because its extremely hard to legislate against explicit bad actors abusing loopholes in new technology. But yeah, blame EU. And before you go all "but my analytics is needed to get 1% more conversion on my webshop": if you have to convince me to buy your product by making the BUY button 10% larger and pulsate rainbow colors because your A/B test told you so, I will happily include that in the category "dark patterns". |
| |
| ▲ | Neikius 4 hours ago | parent | next [-] | | you CAN use analytics! Just need to use first party analytics... it is not so hard to set up, there are many opensource self-hosted options. I hate how everyone and their mother ships all my data to google and others just because they can. | | |
| ▲ | crazygringo 2 hours ago | parent | next [-] | | Let's not deceive ourselves -- first-party analytics are much, much harder to set up, and a lot less people are trained on other analytics platforms. They're also inherently less trustworthy when it comes to valuations and due diligence, since you could falsify historical data yourself, which you can't do with Google. | |
| ▲ | inkysigma an hour ago | parent | prev [-] | | Can you actually do meaningful analytics without the banner at all? You need to identify the endpoint to deduplicate web page interactions and this isn't covered under essential use afaik. I think this means you need consent though I don't know if this covered under GDPR or ePrivacy or one of the other myriad of regulations on this. |
| |
| ▲ | nonethewiser 4 hours ago | parent | prev [-] | | In terms of whether or not the ubiquity of cookie banners is malicious compliance or if it was an inevitable consequence of GDPR, it doesnt matter if trackers are good or necessary. GDPR doesn't ban them. So having them and getting consent is just a normal consequence. We can say, "Wouldn't it have been nice if the bad UX of all these cookies organically led to the death of trackers," but it didn't. And now proponents of GDPR are blaming companies for following GDPR. This comes from confusing the actual law with a desired side effect that didn't materialize. | | |
|
|
| ▲ | croes 4 hours ago | parent | prev [-] |
| Don’t track your site visitors. No tracking, no banner. Or respect the now deprecated DNT flag, no banner necessary. Now we get DNT 2.0 and the website owner will once again maliciously comply. |
| |
| ▲ | nonethewiser 4 hours ago | parent [-] | | OK sounds great. But some companies prefer to have trackers. They are required by GDPR to explain each cookie and offer a control for permissions. They probably had trackers before GDPR too. So how is that malicious compliance? They are just operating how they did before except now they are observing GDPR. It sounds like maybe you just want them to ban trackers. Or for people to care more about trackers and stop using websites with trackers (thereby driving down trackers) Great. Those are all great. But none of them happened and none of that is dictated by GDPR. | | |
| ▲ | Neikius 4 hours ago | parent | next [-] | | You can have first party trackers. That is not so hard. Every site onto itself is a first party tracker, but if your developers can't do it there are opensource solutions available to host. | | | |
| ▲ | croes 2 hours ago | parent | prev [-] | | Malicious compliance are those dark patterns where it takes on click to accept all but multiple clicks to reject all. I remember the early day cookie banners of Tumbler accept all or deselect 200 tracking cookies by clicking each checkbox. |
|
|
