EDIT: I didn’t realize the anger this would bring out of people. It was supposed to be a funny meme based on recent real-life situations I’ve encountered, not an attack on the EU.

I appreciate the effort of the EU cookie laws. The practice of them just doesn’t live up to the theory of the law. Shady companies are always going to find a way to be shady.

  • Pigeon@programming.dev
    link
    fedilink
    arrow-up
    328
    arrow-down
    4
    ·
    edit-2
    1 year ago

    Not allowing users to access a service at all unless they accept cookies is often against GDPR. See: Can we use ‘cookie walls’?.

    To quote:

    In some circumstances, this approach is inappropriate; for example, where the user or subscriber has no genuine choice but to sign up. This is because the UK GDPR says that consent must be freely given.

    If your use of a cookie wall is intended to require, or influence, users to agree to their personal data being used by you or any third parties as a condition of accessing your service, then it is unlikely that user consent is considered valid.

    The key is that individuals are provided with a genuine free choice; consent should not be bundled up as a condition of the service unless it is necessary for that service.

    These cookie banners often violate all sorts of GDPR rules even more explicitly than this example. For example did you know it’s not allowed to have pre-ticked boxes on cookie popups for non-essential cookies?

    • purplemonkeymad@programming.dev
      link
      fedilink
      arrow-up
      117
      arrow-down
      1
      ·
      1 year ago

      IIRC the EU also ruled that burying the rejection options under additional links counts as a violation. Hence why Google now has a Reject button next to the accept button. Most sites still do that.

      • crunchpaste@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        44
        arrow-down
        1
        ·
        1 year ago

        Do you know if there is a EU-wide place to report such behavior?

        The biggest privately owned TV channel in my country not only does that, but actually just redirects you to a pdf file if you want to “manage cookies”. And it’s not like I can submit a complaint on a national level, as the ruling party’s website uses google analytics without a cookie notice at all.

      • Pigeon@programming.dev
        link
        fedilink
        arrow-up
        20
        ·
        1 year ago

        Yes this would make sense.

        Quote from “What methods can we use to obtain consent?”:

        If you are asking for consent electronically, consent must be “not unnecessarily disruptive to the use of the service for which it is provided”. You need to ensure you adopt the most user-friendly method you can.

        For a website, hiding rejection behind a link should class as “unnecessarily disruptive”. If you can provide consent with the press of a single button then rejecting should also be the press of a single button.

        • sunbeam60@lemmy.one
          link
          fedilink
          arrow-up
          8
          arrow-down
          1
          ·
          1 year ago

          I mean almost all websites fall foul of that. You often have to bury deep and end up with a palette of complicated choices and acceptances of individual tracking companies. It’s a bloody mess. The EU should just have mandated “do not track” adherence. There’s already a standard; just enforce it.

        • Pigeon@programming.dev
          link
          fedilink
          arrow-up
          16
          arrow-down
          1
          ·
          1 year ago

          I encounter something similar to this often.

          There’s a lot of cookie banners where “Accept All Cookies” is a single button but in order to reject cookies you have to press a “Manage Cookies” link which will have something similar to a “Reject All Cookies” button in it.

          It’s very annoying.

      • Carighan Maconar@lemmy.world
        link
        fedilink
        arrow-up
        28
        arrow-down
        1
        ·
        1 year ago

        Because they rest safe in the knowledge that you rarely if ever get taken to court for it. There are millions of web pages, it needs people to take action to do something about it, and just clicking “Yes all of them” to access the content you were just trying to get to is a far better solution in most situations than hiring a lawyer and investing a few years of legal proceedings, nevermind the money.

        • relevants@feddit.de
          link
          fedilink
          arrow-up
          5
          ·
          1 year ago

          There is an organization called nyob (I think) pushing back against that and going through the courts to have more sites penalized for their violations. The process is slow, but I see more and more pages adopting the required “reject all” so there seems to be some pressure on them.

    • Sysosmaster@infosec.pub
      link
      fedilink
      arrow-up
      20
      ·
      1 year ago

      even worse offenders are the ones with tick boxes for “Legitimate Interest”, since legitimate interest is another grounds for processing (just ads freely given consent is one), the fact you got a “tick” box for it makes it NOT legitimate interest within the confines of the GDPR.

      it also doesn’t matter what technology you use whether its cookies / urls / images / local storage / spy satellites. its solely about how you use the data…

    • _number8_@lemmy.world
      link
      fedilink
      arrow-up
      16
      arrow-down
      2
      ·
      1 year ago

      why are the EU the only people that bother to actually govern in a modern and helpful way

    • Steeve@lemmy.ca
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      1
      ·
      edit-2
      1 year ago

      But what are they going to do about it?

      “Here’s a fine, if you don’t pay it your site can no longer operate in the EU”

      “… ok”

      • Knusper@feddit.de
        link
        fedilink
        arrow-up
        17
        ·
        1 year ago

        The EU is an important market for many websites, so yeah, that is usually what happens.

        • Steeve@lemmy.ca
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          We’re specifically discussing websites that refuse to load in the EU anyways as per the post

          • Knusper@feddit.de
            link
            fedilink
            arrow-up
            10
            ·
            1 year ago

            I understood the post as those webpages only refusing to load, if the user declines Cookies. So, they do still want to benefit off of those EU users, who click “Accept”.

    • ecamitor@beehaw.org
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      1 year ago

      They found a way around: accept all cookies or pay 2€/months. And it was decied legal by GDPR authorities

    • GreenMario@lemm.ee
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Then half the web violates it or there is One Pixel button that closes the damn popup.