| ▲ | peterisza 12 hours ago |
| They should move to kill the cookie popup |
|
| ▲ | mcny 12 hours ago | parent | next [-] |
| You don't have to have a cookie popup if you don't do stupid stuff. Don't use anything other than strictly necessary cookies and you are good to go. Disclaimer: I anal and this is not legal advice. |
| |
| ▲ | rpdillon 12 hours ago | parent | next [-] | | Having worked at multiple companies and talked to multiple legal teams about this, they tend to be very conservative. So the guidance I've gotten is that if we store any information at all on the person's computer, even to know whether they've visited the site before, we still need a cookie banner. Basically, the law created enough fear among the lawyers that software developers are being advised to include the cookie banner in cases where it isn't strictly needed. | | |
| ▲ | norman784 12 hours ago | parent | next [-] | | But it should not be obnoxious, look at steam how is a small banner with two simple actions, vs all other cookie banners. | | |
| ▲ | rpdillon 12 hours ago | parent | next [-] | | Agreed! Many sites don't actually comply with the GDPR because they don't provide simple tools to control the cookies and instead force you through a flow. Part of my gripe with the law is the way those violations are not being systematically cited. | |
| ▲ | buzzerbetrayed 8 hours ago | parent | prev [-] | | You literally just described something obnoxious |
| |
| ▲ | dheera 10 hours ago | parent | prev | next [-] | | If I see a cookie banner I often bounce. You'd have much better retention rates if you don't cover up the content the viewer is trying to view. How would you like it if I shoved a banner in your face the moment you walked into a store and forced you to punch a hole in it in order to view items on the shelves? | | | |
| ▲ | rendx 12 hours ago | parent | prev | next [-] | | So? You're not arguing that we should get rid of 'reasonable' laws out of misinterpretations of them, are you? | | |
| ▲ | rpdillon 12 hours ago | parent | next [-] | | Laws should be evaluated on the effect they actually have on society, rather than the effect that we wish they had on society. I am very critical of laws that fail this test, and I think they should be updated to improve their performance. We want the right outcome, not the right rules. | |
| ▲ | r33b33 4 hours ago | parent | prev | next [-] | | If the law is stupid, don't follow it. Simply as | |
| ▲ | bigstrat2003 6 hours ago | parent | prev [-] | | I'm willing to argue that, sure (though it's purely a hypothetical point as I'm not a citizen of the EU and thus I don't and shouldn't have a voice in the laws there). I don't judge a law by a deontological measure of worth, but rather by whether it seems to be making things better or worse. The GDPR has overwhelmingly made my experience browsing the web worse, not better. Whether it should have resulted in that is beside the point: it has resulted in that, so that is what I judge it by. Therefore, I think it makes sense to get rid of the law as it seems that it is making things worse for people, not better. |
| |
| ▲ | stephenr 12 hours ago | parent | prev [-] | | > even to know whether they've visited the site before So uh, don't do that. You don't need to notify if you use cookies for required functionality like login sessions or remembering a functional setting. If you're tracking whether they're returning or not your activity is exactly the kind of behaviour the rule is covering because, in legal terms, it's skeezy as fuck. | | |
| ▲ | rpdillon 12 hours ago | parent | next [-] | | It's a site where they log in and we store a cookie. | | |
| ▲ | rendx 12 hours ago | parent [-] | | "Strictly necessary cookies — These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user." https://gdpr.eu/cookies/ | | |
| ▲ | rpdillon 11 hours ago | parent [-] | | Right, and then the legal teams tell me they don't care, and we should put up the cookie banner anyway. I feel like you didn't read my original comment. | | |
| ▲ | sensanaty 10 hours ago | parent | next [-] | | That just means your legal team is lazy or incompetent. I work for a massive company that handles extremely sensitive PII and we don't have a cookie banner, because we don't need to have a cookie banner. GitHub doesn't have one, Gitlab doesn't have one. | |
| ▲ | kuschku 7 hours ago | parent | prev [-] | | I've built software used by EU governments, and we don't use a cookie banner for our login cookies either. If your legal team genuinely suggests that, it's likely your company uses the login cookies for some additional purposes. |
|
|
| |
| ▲ | shadowgovt 12 hours ago | parent | prev [-] | | > You don't need to notify if you use cookies for required functionality like login sessions or remembering a functional setting Nobody wants to be the EU test case on precisely how "required functionality" is defined. Regardless of what the plaintext of the law says, it should be self-evident that companies will be more conservative than that, especially when the cost is as low as adding one cooke banner and tracking one preference. |
|
| |
| ▲ | tikkabhuna 10 hours ago | parent | prev | next [-] | | Yep. GitHub wrote a blog post on removing their cookie banner years ago. https://github.blog/news-insights/company-news/no-cookie-for... | | |
| ▲ | kbelder 9 hours ago | parent | next [-] | | >At GitHub, we want to protect developer privacy, and we find cookie banners quite irritating, so we decided to look for a solution. After a brief search, we found one: just don’t use any non-essential cookies. Pretty simple, really. Go to that link, these are the cookies it writes (at least for me): * _ga
* _gcl_au
* octo
* ai_session
* cfz_adobe
* cfz_google-analytics_v4
* GHCC
* kndctr_
*_AdobeOrg_identity
* MicrosoftApplicationsTelemtryDeviceId
* OptanonConsent
* zaraz-consent
Some are from github.blog, some are from the cloudflare.com hosting. Not sure how the laws apply to that. But obviously there's several analytics cookies. | | | |
| ▲ | Devorlon 10 hours ago | parent | prev [-] | | I get a cookie banner accessing that page. | | |
| ▲ | eviks 4 hours ago | parent [-] | | You need to wait for a meta-blog about removing banners from the blog |
|
| |
| ▲ | nozzlegear 12 hours ago | parent | prev | next [-] | | Don't several of the EU's own government information websites use cookie popups? | | |
| ▲ | reddalo 3 hours ago | parent [-] | | Yes; but usually it's because they embed videos from YouTube or other external sources that force cookies to be set. |
| |
| ▲ | vasco an hour ago | parent | prev | next [-] | | This is an internet comment, adding the not a lawyer disclaimer just shows you have no clue about anything, because you don't even know you cannot be sued for giving legal advice on the internet. Look this is legal advice. | |
| ▲ | dathinab 12 hours ago | parent | prev [-] | | if you don't track users you don't need GDPR consent dialogs I think in the past you still needed some info box in the corner with a link to the data policy. But I think that isn't needed anymore (to be clear not a consent dialog, a informational only thing). Also you can without additional consent store a same site/domain cookie remembering you dismissing or clicking on it and not showing it again (btw. same for opting out of being tracked). But there are some old pre-GDPR laws in some countries (not EU wide AFIK) which do require actual cookie banners (in difference to GDPR consent dialogs or informational things). EU want them removed, but politic moves slow AF so not sure what the sate of this is. So yes without checking if all the older misguided laws have been dismissed, you probably should have a small banner at the bottom telling people "we don't track you but for ... reasons .. [link] [ok]" even if you don't track people :(. But also if they haven't gotten dismissed they should be dismissed very soon. Still such a banner is non obnoxious, little annoying (on PC, Tablet, a bit more annoying on Phone). And isn't that harass people to allow you to spy on them nonsense we have everywhere. |
|
|
| ▲ | warmedcookie 5 hours ago | parent | prev | next [-] |
| I like the cookie banners since it is an immediate indication to me that I should leave the site. It's an innate reflex at this point. |
| |
|
| ▲ | prmoustache 12 hours ago | parent | prev | next [-] |
| It is up to the websites to do that, and to the users to boycott those websites showing cookie popups. |
| |
| ▲ | idle_zealot 12 hours ago | parent | next [-] | | The regulatory body could clarify that a DO NOT TRACK header should be interpreted as a "functional/necessary cookies only" request, so sites may not interrupt visitors with a popup modal/banner if it's set. | | | |
| ▲ | 12 hours ago | parent | prev [-] | | [deleted] |
|
|
| ▲ | ben_w 12 hours ago | parent | prev | next [-] |
| Just so long as that means killing all the tracking, not just going back to hiding it. |
|
| ▲ | dathinab 12 hours ago | parent | prev | next [-] |
| ahhhh, every time the same discussion 1. GDPR consent dialogs are not cookie popups, most things you see are GDPR consent dialogs 2. GDPR consent dialogs are only required if you share data, i.e. spy on the user 3. GDPR had from the get to go a bunch of exceptions, e.g. you don't need permission to store a same site cookie indicating that you opted out of tracking _iff_ you don't use it for tracking. Same for a lot of other things where the data is needed for operation as long as the data is only used with that thing and not given away. (E.g. DDOS protection, bot detection, etc.) 4. You still had to inform the user but this doesn't need any user interacting, accepting anything nor does it need to be a popup blocking the view. A small information in the corner of the screen with a link to the data policy is good enough. But only if all what you do falls under 3. or non personal information. Furthermore I think they recently have updated it to not even require that, just having a privacy policy in a well know place is good enough but I have to double check. (And to be clear this is for data you don't need permission to collect, but like any data you collect it's strictly use case bound and you still have to list how its used, how long stored etc. even if you don't need permissions). Also to be clear if you accept the base premise of GDPR it's pretty intuitive to judge if it's an exception or not. 5. in some countries, there are highly misguided "cookie popup" laws predating GDPR (they are actually about cookies, not data collection in general). This are national laws and such the EU would prefer to have removed. Work on it is in process but takes way to long. I'm also not fully sure about the sate of that. So in that context, yes they should and want to kill "cookie popups". That just doesn't mean what most people think it does (as it has nothing to do with GDPR). |
|
| ▲ | kuerbel 12 hours ago | parent | prev | next [-] |
| Kill cookie pop up dark patterns* |
| |
| ▲ | saithir 12 hours ago | parent [-] | | But that would require directing the anger at specific companies (and their 2137 ad partners) rather than at an easy target of the banana-regulating evil authority. Sadly whenever this kind of discussion pops up it's usually a very unpopular take. |
|
|
| ▲ | r33b33 4 hours ago | parent | prev | next [-] |
| you can simply choose not to use it |
|
| ▲ | bubblewand 12 hours ago | parent | prev | next [-] |
| Simply banning most forms of advertising would be extremely welcome and might largely solve the cookie-popup issue, too. |
|
| ▲ | DarkUranium 10 hours ago | parent | prev | next [-] |
| Note that, back when it started (pre-GDPR cookie banners), this was pure malicious compliance in 90% of cases. Most sites didn't need a banner. Even post-GDPR, many use-cases don't need one. |
|
| ▲ | peterisza 12 hours ago | parent | prev | next [-] |
| and then the inventor should go to prison along with the guys who design the UI of microwave ovens (joke) |
|
| ▲ | gib444 12 hours ago | parent | prev [-] |
| Well then where would be the incentive to download apps/not clear your cookies...? :-) |
