EDIT: I didn’t realize the anger this would bring out of people. It was supposed to be a funny meme based on recent real-life situations I’ve encountered, not an attack on the EU.

I appreciate the effort of the EU cookie laws. The practice of them just doesn’t live up to the theory of the law. Shady companies are always going to find a way to be shady.

  • Pigeon@programming.dev
    link
    fedilink
    arrow-up
    328
    arrow-down
    4
    ·
    edit-2
    1 year ago

    Not allowing users to access a service at all unless they accept cookies is often against GDPR. See: Can we use ‘cookie walls’?.

    To quote:

    In some circumstances, this approach is inappropriate; for example, where the user or subscriber has no genuine choice but to sign up. This is because the UK GDPR says that consent must be freely given.

    If your use of a cookie wall is intended to require, or influence, users to agree to their personal data being used by you or any third parties as a condition of accessing your service, then it is unlikely that user consent is considered valid.

    The key is that individuals are provided with a genuine free choice; consent should not be bundled up as a condition of the service unless it is necessary for that service.

    These cookie banners often violate all sorts of GDPR rules even more explicitly than this example. For example did you know it’s not allowed to have pre-ticked boxes on cookie popups for non-essential cookies?

    • purplemonkeymad@programming.dev
      link
      fedilink
      arrow-up
      117
      arrow-down
      1
      ·
      1 year ago

      IIRC the EU also ruled that burying the rejection options under additional links counts as a violation. Hence why Google now has a Reject button next to the accept button. Most sites still do that.

      • crunchpaste@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        44
        arrow-down
        1
        ·
        1 year ago

        Do you know if there is a EU-wide place to report such behavior?

        The biggest privately owned TV channel in my country not only does that, but actually just redirects you to a pdf file if you want to “manage cookies”. And it’s not like I can submit a complaint on a national level, as the ruling party’s website uses google analytics without a cookie notice at all.

      • Pigeon@programming.dev
        link
        fedilink
        arrow-up
        20
        ·
        1 year ago

        Yes this would make sense.

        Quote from “What methods can we use to obtain consent?”:

        If you are asking for consent electronically, consent must be “not unnecessarily disruptive to the use of the service for which it is provided”. You need to ensure you adopt the most user-friendly method you can.

        For a website, hiding rejection behind a link should class as “unnecessarily disruptive”. If you can provide consent with the press of a single button then rejecting should also be the press of a single button.

        • sunbeam60@lemmy.one
          link
          fedilink
          arrow-up
          8
          arrow-down
          1
          ·
          1 year ago

          I mean almost all websites fall foul of that. You often have to bury deep and end up with a palette of complicated choices and acceptances of individual tracking companies. It’s a bloody mess. The EU should just have mandated “do not track” adherence. There’s already a standard; just enforce it.

        • Pigeon@programming.dev
          link
          fedilink
          arrow-up
          16
          arrow-down
          1
          ·
          1 year ago

          I encounter something similar to this often.

          There’s a lot of cookie banners where “Accept All Cookies” is a single button but in order to reject cookies you have to press a “Manage Cookies” link which will have something similar to a “Reject All Cookies” button in it.

          It’s very annoying.

      • Carighan Maconar@lemmy.world
        link
        fedilink
        arrow-up
        28
        arrow-down
        1
        ·
        1 year ago

        Because they rest safe in the knowledge that you rarely if ever get taken to court for it. There are millions of web pages, it needs people to take action to do something about it, and just clicking “Yes all of them” to access the content you were just trying to get to is a far better solution in most situations than hiring a lawyer and investing a few years of legal proceedings, nevermind the money.

        • relevants@feddit.de
          link
          fedilink
          arrow-up
          5
          ·
          1 year ago

          There is an organization called nyob (I think) pushing back against that and going through the courts to have more sites penalized for their violations. The process is slow, but I see more and more pages adopting the required “reject all” so there seems to be some pressure on them.

    • Sysosmaster@infosec.pub
      link
      fedilink
      arrow-up
      20
      ·
      1 year ago

      even worse offenders are the ones with tick boxes for “Legitimate Interest”, since legitimate interest is another grounds for processing (just ads freely given consent is one), the fact you got a “tick” box for it makes it NOT legitimate interest within the confines of the GDPR.

      it also doesn’t matter what technology you use whether its cookies / urls / images / local storage / spy satellites. its solely about how you use the data…

    • _number8_@lemmy.world
      link
      fedilink
      arrow-up
      16
      arrow-down
      2
      ·
      1 year ago

      why are the EU the only people that bother to actually govern in a modern and helpful way

    • Steeve@lemmy.ca
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      1
      ·
      edit-2
      1 year ago

      But what are they going to do about it?

      “Here’s a fine, if you don’t pay it your site can no longer operate in the EU”

      “… ok”

      • Knusper@feddit.de
        link
        fedilink
        arrow-up
        17
        ·
        1 year ago

        The EU is an important market for many websites, so yeah, that is usually what happens.

        • Steeve@lemmy.ca
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          We’re specifically discussing websites that refuse to load in the EU anyways as per the post

          • Knusper@feddit.de
            link
            fedilink
            arrow-up
            10
            ·
            1 year ago

            I understood the post as those webpages only refusing to load, if the user declines Cookies. So, they do still want to benefit off of those EU users, who click “Accept”.

    • ecamitor@beehaw.org
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      1 year ago

      They found a way around: accept all cookies or pay 2€/months. And it was decied legal by GDPR authorities

    • GreenMario@lemm.ee
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Then half the web violates it or there is One Pixel button that closes the damn popup.

      • Honytawk@lemmy.zip
        link
        fedilink
        arrow-up
        9
        arrow-down
        1
        ·
        1 year ago

        Yeah, it is great here.

        Either the website is great and doesn’t ask anything.

        Or it asks for cookie consent, which you can decline in 1 click.

        Or it pulls one of those “break the website” tricks which will get them sued sooner or later.

        Or they block access to EU members, at which point you know they only exist to extract your data anyway.

        • twistypencil@lemmy.world
          link
          fedilink
          arrow-up
          4
          ·
          1 year ago

          I think it would be a worthwhile research project to find out how many users just click through these, accepting what the website wants you to accept by default. It effectively operates like a EULA for every single website, which produces overall fatigue and lack of care. When you’ve visited 20 sites in one day, you just start being irritated by having to constantly make a decision before you can view any content, and just mash whatever button you need to proceed.

      • Faresh@lemmy.ml
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        I also live in Europe and almost all websites display a dialog that asks you to choose cookie preferences. However, it seems that some few websites, mostly german (spiegel.de, gutefrage) that give you the opetion to browse with ads and cookies or pay. I do not use those websites and I imagine it is not legal.

    • Touching_Grass@lemmy.world
      link
      fedilink
      arrow-up
      12
      arrow-down
      125
      ·
      edit-2
      1 year ago

      I’m working hard to make sure all websites do that.

      You will be internet free in 5 years. Yes, I wear a cape

  • Scoopta@programming.dev
    link
    fedilink
    arrow-up
    162
    arrow-down
    1
    ·
    1 year ago

    I refuse to go to sites that do this, I also refuse to go to sites that block adblock…and specially the sites that detect and block private browsing, that one shouldn’t even be a thing

    • Zikeji@programming.dev
      link
      fedilink
      English
      arrow-up
      45
      ·
      1 year ago

      Sites that block adblock - I have network based filtering I’m not going to take the time to specifically figure out what ad providers you’re using (which is probably that same as everyone else) just to unblock your shitty site.

    • ozymandias117@lemmy.world
      link
      fedilink
      English
      arrow-up
      30
      arrow-down
      1
      ·
      1 year ago

      The fun part is that websites that do this are illegal in the EU

      They need to start flexing that 4% revenue / year fines

      • Big P@feddit.uk
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 year ago

        I hope one day they just start fining everyone doing it all at once

        • corsicanguppy@lemmy.ca
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          1 year ago

          And i hope they start using that sizing thing at airports to keep people from carrying on their massive samsonite tuba-sized suitcases and jamming them into the entirety of the overhead storage.

          But we can’t always get what we want.

    • Ignotum@lemmy.world
      link
      fedilink
      arrow-up
      14
      ·
      1 year ago

      I don’t use adblock, and yet i keep getting “disable adblock to view this” messages, fuck this shit

        • Ignotum@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          I did have adguard set up, but i disabled it thinking it could help with this issue, which it sadly didn’t

      • Trainguyrom@reddthat.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Most browsers block some ads by default as well as some other privacy protections nowadays. I’m guessing whatever sites you’re hitting have advertisers so scummy they’re blocked by default

        • Ignotum@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Might be, might be

          I’m using Firefox and might’ve set a couple of the privacy settings “too high”, haven’t checked those in forever

    • hairyballs@programming.dev
      link
      fedilink
      arrow-up
      14
      arrow-down
      1
      ·
      1 year ago

      Why the fuck would they prevent private browsing? I use that a lot to be sure the session is closed correctly.

      • Scoopta@programming.dev
        link
        fedilink
        arrow-up
        11
        ·
        1 year ago

        There’s lots of newspaper sites in the US, that do this. They’ll be like “wanna use private browsing, make an account, or go visit from normal browsing.” Idk why they do it but they do. Apparently there are discrepancies in the way browsers handle persistent storage features between private and non-private browsing that allow for detection

  • CanadaPlus@lemmy.sdf.org
    link
    fedilink
    arrow-up
    91
    arrow-down
    2
    ·
    1 year ago

    I’m pretty sure breaking your website with no cookies is against the rules, actually. It’s either serve the EU with GDPR-compliance or GTFO entirely.

    Yeah, you could still just break the law, but as usual there’s a cost to that one way or the other.

    • Vuraniute@thelemmy.club
      link
      fedilink
      arrow-up
      21
      ·
      1 year ago

      this. and honestly I wish more websites followed the “serve under gdpr or don’t have a European marker”. A random blog once wasn’t available in the EU because of GDPR. And you know what? It’s better than them violating GDPR and the EU doing nothing.

    • Big P@feddit.uk
      link
      fedilink
      English
      arrow-up
      17
      ·
      1 year ago

      Tons of companies break the cookie law already, but enforcement seems to be rare

      • akulium@feddit.de
        link
        fedilink
        arrow-up
        9
        ·
        1 year ago

        Doesn’t enforcement work by letting competitors sue you if you don’t follow the rules for these things?

        • Big P@feddit.uk
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          The cookie consent banner has to allow you to opt out of cookies as easily as accepting them

            • Big P@feddit.uk
              link
              fedilink
              English
              arrow-up
              3
              ·
              1 year ago

              Yeah, I think it has to default to off but I believe the banner they show shouldn’t make it harder to continue with it being off rather than turning it on

      • CanadaPlus@lemmy.sdf.org
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I’ve heard stories about some of the big guys getting hit with sizable GDPR fines. I don’t really know the full extent of what they do but I do imagine there’s someone that makes it their job to prosecute GDPR violations.

    • jabjoe@feddit.uk
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      It’s more about the big boys. If they act in a way that breaks the GDPR, now the EU has a stick to hit them with.

  • SnipingNinja@slrpnk.net
    link
    fedilink
    arrow-up
    77
    arrow-down
    2
    ·
    1 year ago

    Your meme is funny, but people genuinely use these arguments to be against sensible EU laws, hence the response I imagine.

  • SloganLessons@kbin.social
    link
    fedilink
    arrow-up
    74
    arrow-down
    12
    ·
    1 year ago

    Yeah being unable to open… checks notes local news websites from the US has been a real deal breaker

  • genoxidedev1@kbin.social
    link
    fedilink
    arrow-up
    58
    arrow-down
    4
    ·
    1 year ago

    That’s gotta be quite some website you visited, if it didn’t load at all without cookies. As someone from Germany, who mostly rejects every sites cookies, except for the essential ones most of the time, but sometimes outright rejects all cookies, I’ve never encountered a website that refused to load upon doing that.

    Not defending any webpages that do do that, just contributing my personal experience.

    Also: this for chrome or this for fiefrerfx

  • hdnsmbt@feddit.de
    link
    fedilink
    arrow-up
    52
    arrow-down
    1
    ·
    1 year ago

    That’s fine. People who don’t care about cookies will accept them anyway and those who do care about cookies will know not to visit that site anymore.

  • drkt@feddit.dk
    link
    fedilink
    arrow-up
    55
    arrow-down
    17
    ·
    1 year ago

    Oh boo I can’t visit American propaganda websites what a loss to my European life style

    • MDFL@programming.devOP
      link
      fedilink
      arrow-up
      20
      arrow-down
      44
      ·
      1 year ago

      I have run into this recently on several non-US, non-news sites. Your comment is propaganda.

          • Pandoras_Can_Opener@mander.xyz
            link
            fedilink
            arrow-up
            3
            ·
            edit-2
            1 year ago

            Infowars tells you Nazis are something you disagree with? Haven’t heard from them in a while. Would have thought they’d quietly drop the Nazis are evil thing.

        • MDFL@programming.devOP
          link
          fedilink
          arrow-up
          11
          arrow-down
          15
          ·
          edit-2
          1 year ago

          I absolutely do. Spreading the idea that news sites are all propaganda and the only entities involved in this kind of practice is, in itself, propaganda.

            • MDFL@programming.devOP
              link
              fedilink
              arrow-up
              10
              arrow-down
              7
              ·
              edit-2
              1 year ago

              You’re right. I wasn’t clear in my comment. Saying all US-news sites are propaganda is propaganda. I’m not sure how that changes anything.

              • smollittlefrog@lemdro.id
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                1
                ·
                1 year ago

                They didn’t say that either. Where do you get this idea from that they’re talking about (all) US news sites?

                They said “American propaganda websites”. That may include some news sites. It may also not include some news sites.

                The most you could infer from their statement is that only American propaganda websites violate the GDPR.

                Of course websites exist that violate the GDPR and are not American propaganda websites.

                But the vast majority of websites commiting severe violations of the GDPR that an average European encounters will be American propaganda websites.

                (Believe it or not, Europeans don’t often visit websites written in Russian or Chinese.)

              • 👁️👄👁️@lemm.ee
                link
                fedilink
                English
                arrow-up
                6
                arrow-down
                10
                ·
                1 year ago

                It’s a lost cause, the EU circlejerk is too strong, as clearly everything is a utopia over there with nothing wrong.

                GDPR is a good idea, but still very flawed in practice which they really don’t like to admit anything wrong for some reason.

  • Queen HawlSera@lemm.ee
    link
    fedilink
    English
    arrow-up
    43
    arrow-down
    5
    ·
    1 year ago

    I feel like people would have responded to this meme better if you didn’t depict the European Union as an NPC

      • Honytawk@lemmy.zip
        link
        fedilink
        arrow-up
        11
        arrow-down
        1
        ·
        1 year ago

        People complaining about the cookie law don’t understand the issue.

        The law doesn’t state that websites have to show a cookie banner. It states that if a website wants to track you with cookies, they have to ask permission.

        You can get websites (like lemmy and wikipedia) that don’t ask for cookies, because none of them try to track you.

        So if a websites demands cookies or they don’t allow access, it is a clear sign that the website only cares about your visit if they can invade your privacy for profit.

        Meaning it will just be a dumb clickbait website with no decent content anyway, that you should just skip.

      • stevedidWHAT@lemmy.world
        link
        fedilink
        English
        arrow-up
        11
        arrow-down
        1
        ·
        1 year ago

        The businesses who are actually doing this shit and not the people actually trying to solve issues in the world lmfao.

  • DeriHunter@lemmy.world
    link
    fedilink
    arrow-up
    25
    arrow-down
    1
    ·
    1 year ago

    Serious question: I know that there are tracking cookies and the user should be able to decline those,but most sites have an auth cookie that stores you’re credentials. The devs can store it in a different place like local storage but thats really unsecured.what can the devs do in this situation when the user decline all cookies?

    • GuroGuru@lemmynsfw.com
      link
      fedilink
      arrow-up
      44
      ·
      1 year ago

      The EU is not stupid. They categorized cookies into the necessary ones for site-usage and those that aren’t. So developers just categorize their session cookie (rightfully) as necessary and that’s it.

    • fosforus@sopuli.xyz
      link
      fedilink
      arrow-up
      40
      arrow-down
      1
      ·
      1 year ago

      Cookies that are crucial for the functioning of the website cannot be disabled by the user.

      • sip@programming.dev
        link
        fedilink
        arrow-up
        12
        arrow-down
        2
        ·
        edit-2
        1 year ago

        well, they can be disabled by the user and the site simply won’t work.

        • shasta@lemm.ee
          link
          fedilink
          arrow-up
          10
          ·
          1 year ago

          He means they are exempt from the EU law that says the use must be presented with the option to disable it

    • Phen@lemmy.eco.br
      link
      fedilink
      arrow-up
      34
      ·
      1 year ago

      The eu rules are mostly about unnecessary cookies. Most web devs just copied whatever everyone else was doing and now there’s this standard of having to accept cookies but the EU doesn’t really enforce it like that

    • Kevin Noodle@lemmy.world
      link
      fedilink
      arrow-up
      11
      ·
      1 year ago

      Usually the prompts are specifically for tracking cookies, not essential ones for login. Alternatives without cookies:

      • URL sessions
      • Tokens
      • OAuth/OIDC third party
      • Local/Session Storage (ditto - mind the risks)
    • nothacking@discuss.tchncs.de
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      The GDPR is not “cookie law”, it only prohibits tracking users in a way not essential to the operation of the site using locally stored identifiers (cookies, local storage, indexed DB…)

      Storing a cookie to track login sessions, or color scheme preference does not require asking the user or allowing them to decline.

    • smileyhead@discuss.tchncs.de
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      What the dev can do if user decline processing of personal data is not store such personal data in cookies or anywhere.

      Or even better, do not track the user so the consent would only be needed in for example registration form.

  • Gamey@feddit.rocks
    link
    fedilink
    arrow-up
    23
    arrow-down
    1
    ·
    1 year ago

    I generally agree with the statment under that image and it’s certainly a funny meme but also Illegal, sadly the enforcment is a joke but that’s not really the laws fault!

  • nothacking@discuss.tchncs.de
    link
    fedilink
    arrow-up
    17
    ·
    1 year ago

    Nearly all of these are illegal, but sadly there is little enforcement when it comes to this. (Tracking must be opt-in, not opt-out. Ignoring a banner must be interpreted as declining. Opting out must be a simple option, not navigating a complex and misleading menus. The users choice applies to any form of tracking, not just cookies…)