EDIT: I didn’t realize the anger this would bring out of people. It was supposed to be a funny meme based on recent real-life situations I’ve encountered, not an attack on the EU.
I appreciate the effort of the EU cookie laws. The practice of them just doesn’t live up to the theory of the law. Shady companies are always going to find a way to be shady.
Not allowing users to access a service at all unless they accept cookies is often against GDPR. See: Can we use ‘cookie walls’?.
To quote:
In some circumstances, this approach is inappropriate; for example, where the user or subscriber has no genuine choice but to sign up. This is because the UK GDPR says that consent must be freely given.
If your use of a cookie wall is intended to require, or influence, users to agree to their personal data being used by you or any third parties as a condition of accessing your service, then it is unlikely that user consent is considered valid.
The key is that individuals are provided with a genuine free choice; consent should not be bundled up as a condition of the service unless it is necessary for that service.
These cookie banners often violate all sorts of GDPR rules even more explicitly than this example. For example did you know it’s not allowed to have pre-ticked boxes on cookie popups for non-essential cookies?
IIRC the EU also ruled that burying the rejection options under additional links counts as a violation. Hence why Google now has a Reject button next to the accept button. Most sites still do that.
Do you know if there is a EU-wide place to report such behavior?
The biggest privately owned TV channel in my country not only does that, but actually just redirects you to a pdf file if you want to “manage cookies”. And it’s not like I can submit a complaint on a national level, as the ruling party’s website uses google analytics without a cookie notice at all.
I think you report to your nation’s Data Protection Centre, each member has their own that takes the reports. If I was still in the EU I would have put more time into finding out how reports work.
Yeah, either of the nation or your nation may have data protection officers for individual states/regions.
https://dataprivacymanager.net/list-of-eu-data-protection-supervisory-authorities-gdpr/
Here you can find the GDPR authority per EU country.
Yes this would make sense.
Quote from “What methods can we use to obtain consent?”:
If you are asking for consent electronically, consent must be “not unnecessarily disruptive to the use of the service for which it is provided”. You need to ensure you adopt the most user-friendly method you can.
For a website, hiding rejection behind a link should class as “unnecessarily disruptive”. If you can provide consent with the press of a single button then rejecting should also be the press of a single button.
I mean almost all websites fall foul of that. You often have to bury deep and end up with a palette of complicated choices and acceptances of individual tracking companies. It’s a bloody mess. The EU should just have mandated “do not track” adherence. There’s already a standard; just enforce it.
Most sites definitely don’t do this
I encounter something similar to this often.
There’s a lot of cookie banners where “Accept All Cookies” is a single button but in order to reject cookies you have to press a “Manage Cookies” link which will have something similar to a “Reject All Cookies” button in it.
It’s very annoying.
There is also a name for these kind of psychological tricks and pressure. It’s called nudging.
I found a small report on this by the EU Commission’s science and knowledge service. https://publications.jrc.ec.europa.eu/repository/bitstream/JRC127856/JRC127856_01.pdf
There are surely even better resources.
Yeah this is very common, I don’t know why other people on here are gaslighting like it doesn’t happen. It’s this way for major sites like YouTube/Twitter/Twitch/etc too. Hell even embedding a YouTube video on a site is violating GDPR. It’s a good idea, but needs a version 2.0 patch to fix some exploits.
They’re still widely used for some (illegal) reason
Because they rest safe in the knowledge that you rarely if ever get taken to court for it. There are millions of web pages, it needs people to take action to do something about it, and just clicking “Yes all of them” to access the content you were just trying to get to is a far better solution in most situations than hiring a lawyer and investing a few years of legal proceedings, nevermind the money.
There is an organization called nyob (I think) pushing back against that and going through the courts to have more sites penalized for their violations. The process is slow, but I see more and more pages adopting the required “reject all” so there seems to be some pressure on them.
even worse offenders are the ones with tick boxes for “Legitimate Interest”, since legitimate interest is another grounds for processing (just ads freely given consent is one), the fact you got a “tick” box for it makes it NOT legitimate interest within the confines of the GDPR.
it also doesn’t matter what technology you use whether its cookies / urls / images / local storage / spy satellites. its solely about how you use the data…
why are the EU the only people that bother to actually govern in a modern and helpful way
But what are they going to do about it?
“Here’s a fine, if you don’t pay it your site can no longer operate in the EU”
“… ok”
The EU is an important market for many websites, so yeah, that is usually what happens.
We’re specifically discussing websites that refuse to load in the EU anyways as per the post
I understood the post as those webpages only refusing to load, if the user declines Cookies. So, they do still want to benefit off of those EU users, who click “Accept”.
Ah, I think I misunderstood then.
Those pages can just fuck off. There are many more pages.
Of course that’s just my opinion.
They found a way around: accept all cookies or pay 2€/months. And it was decied legal by GDPR authorities
Some national authorities allow it, most don’t. The final word will be from the CJEU or the EDPB.
The what or what?
The EU supreme court or the EU data protection agency, roughly.
GDPR enforcement is left to the member states. The EDPB isn’t an agency, its more like all the national data protection authorities in a trench coat.
Then half the web violates it or there is One Pixel button that closes the damn popup.
Any website that does that I just close the tab.
You should travel to Europe sometime and try to use the web
Yeah, it is great here.
Either the website is great and doesn’t ask anything.
Or it asks for cookie consent, which you can decline in 1 click.
Or it pulls one of those “break the website” tricks which will get them sued sooner or later.
Or they block access to EU members, at which point you know they only exist to extract your data anyway.
I think it would be a worthwhile research project to find out how many users just click through these, accepting what the website wants you to accept by default. It effectively operates like a EULA for every single website, which produces overall fatigue and lack of care. When you’ve visited 20 sites in one day, you just start being irritated by having to constantly make a decision before you can view any content, and just mash whatever button you need to proceed.
I also live in Europe and almost all websites display a dialog that asks you to choose cookie preferences. However, it seems that some few websites, mostly german (spiegel.de, gutefrage) that give you the opetion to browse with ads and cookies or pay. I do not use those websites and I imagine it is not legal.
I’m working hard to make sure all websites do that.
You will be internet free in 5 years. Yes, I wear a cape
Display name does not check out as a matter of fact
No you see he has grass growing in his keyboard so he can touch grass without going outside
We will all touch grass
my brother in christ there wont be any grass to touch soon
A world full of only ass and gas is not a world I want to be in
Are you… the hero or villain. I don’t even know anymore
They’re anti-anti >!(like anti-hero or anti-villain)!<, their goals transcend understanding
I think we should ban trolls like this on sight.
I propose we ban /u/Touching_Grass
In THIS economy?!
Than I will go without internet. I’m over 40 I know how life was like before internet. I’ll be that crazy old man in someone’s neighborhood. So kindly please accept my GO FUCK YOURSELF award for your efforts.
I thought you didn’t care. Now you do?
Nah I just wanted to touch grass…
I refuse to go to sites that do this, I also refuse to go to sites that block adblock…and specially the sites that detect and block private browsing, that one shouldn’t even be a thing
Sites that block adblock - I have network based filtering I’m not going to take the time to specifically figure out what ad providers you’re using (which is probably that same as everyone else) just to unblock your shitty site.
LOL, I also use DNS based filtering soooo I feel your pain.
Hilariously, I find the Pi-hole feature “disable for 5 seconds” often works because it’ll be down for long enough to load the page but not the ads.
Reminds me, I need a pihole
I don’t use pihole…didn’t know that was a thing…still don’t plan on using pihole but that’s cool
The fun part is that websites that do this are illegal in the EU
They need to start flexing that 4% revenue / year fines
I hope one day they just start fining everyone doing it all at once
And i hope they start using that sizing thing at airports to keep people from carrying on their massive samsonite tuba-sized suitcases and jamming them into the entirety of the overhead storage.
But we can’t always get what we want.
I don’t use adblock, and yet i keep getting “disable adblock to view this” messages, fuck this shit
Probably Adguard or Pihole? (Some network level blocking?)
I did have adguard set up, but i disabled it thinking it could help with this issue, which it sadly didn’t
Most browsers block some ads by default as well as some other privacy protections nowadays. I’m guessing whatever sites you’re hitting have advertisers so scummy they’re blocked by default
Might be, might be
I’m using Firefox and might’ve set a couple of the privacy settings “too high”, haven’t checked those in forever
Why the fuck would they prevent private browsing? I use that a lot to be sure the session is closed correctly.
There’s lots of newspaper sites in the US, that do this. They’ll be like “wanna use private browsing, make an account, or go visit from normal browsing.” Idk why they do it but they do. Apparently there are discrepancies in the way browsers handle persistent storage features between private and non-private browsing that allow for detection
I use this to deal with paywalled articles.
This comment needs more upvotes…I did not know this was a thing and I’ll try to remember it next time I hit a wall
Bigger walls, bigger ladders!!!
I’d guess they just want to keep track of what you read and how many articles. You still can wipe that information from your browser but private browsing makes it more convenient so they ban it
Cause they can’t track your browser history that way.
Cool. One less website to visit. Not like there is a shortage.
I love when the trash takes itself out
I’m pretty sure breaking your website with no cookies is against the rules, actually. It’s either serve the EU with GDPR-compliance or GTFO entirely.
Yeah, you could still just break the law, but as usual there’s a cost to that one way or the other.
this. and honestly I wish more websites followed the “serve under gdpr or don’t have a European marker”. A random blog once wasn’t available in the EU because of GDPR. And you know what? It’s better than them violating GDPR and the EU doing nothing.
Tons of companies break the cookie law already, but enforcement seems to be rare
Doesn’t enforcement work by letting competitors sue you if you don’t follow the rules for these things?
What’s the cookie law?
No cookies before dinner.
If websites want to track you through cookies, they have to ask for permission.
The cookie consent banner has to allow you to opt out of cookies as easily as accepting them
Almoat true, it actually has to be a opt in system, opt out is illegal already!
Yeah, I think it has to default to off but I believe the banner they show shouldn’t make it harder to continue with it being off rather than turning it on
I’ve heard stories about some of the big guys getting hit with sizable GDPR fines. I don’t really know the full extent of what they do but I do imagine there’s someone that makes it their job to prosecute GDPR violations.
It’s more about the big boys. If they act in a way that breaks the GDPR, now the EU has a stick to hit them with.
Your meme is funny, but people genuinely use these arguments to be against sensible EU laws, hence the response I imagine.
Yeah being unable to open… checks notes local news websites from the US has been a real deal breaker
Sometimes its relieving when you go to do something and you find out that you have already finished, lol.
I have run into this recently on several non-US, non-news sites. I have actually never run into it on US local news sites, so I don’t know what you’re on about.
Yeah it’s a tragedy
In my experience it seems to be medical websites and recipe websites
Frankly I wish I could fit more US politics into my life, so it’s been hard, I tells ya.
Then you’ve picked the right place my friend!
That’s gotta be quite some website you visited, if it didn’t load at all without cookies. As someone from Germany, who mostly rejects every sites cookies, except for the essential ones most of the time, but sometimes outright rejects all cookies, I’ve never encountered a website that refused to load upon doing that.
Not defending any webpages that do do that, just contributing my personal experience.
Also: this for chrome or this for fiefrerfx
Also from Germany. Some american news and media sites do that.
All don’t offer cookie rejection.
Makes sense, I don’t use any of them, at all. I’m pretty sure there’s a place where you can report such webpages for doing that though, though I don’t know where at the moment.
Edit: possibly this one
Netzpolitik.de checked Germany’s top 100 sites. Not many offer a single click rejection of cookies. Many of them only offer a paid ‘pure abo’ to disable tracking.
Yea, we have the same issue in Austria but technically that’s illegal behaviour and you should be able to report it somewhere!
Don’t know if it’s me or what, but I clicked on the first link and when it opened in my mobile browser, everything started shaking vertically like the page was suffering an earthquake. I’ll definitely have to look into that because I’ve never seen it happen before on any website like it.
I’ve seen Italian sites that will put up a pay wall if you refuse the cookies.
some other just block access from the eu completely. (not a news site, but applebee’s does this)
Consent-o-matic is magnificent.
One extension to automatically accept, one extension to automatically delete everything after the tab is closed.
It’s rare to see (probably since someone pointed out it doesn’t conform to GDPR standards), but I ran into a batch of them in short order recently, so it’s been on my mind.
I exit in the EU a lot. Same, they mostly work fine with no cookies. It’s much more common to see one that just doesn’t let EU residents in.
https://www.healthline.com/ - has a two-click “disable all”, but if you choose it you get a static site with 10 of their articles https://anon.healthline.com/
That’s fine. People who don’t care about cookies will accept them anyway and those who do care about cookies will know not to visit that site anymore.
Oh boo I can’t visit American propaganda websites what a loss to my European life style
I have run into this recently on several non-US, non-news sites. Your comment is propaganda.
propaganda
I do not think that word means what you think it means.
deleted by creator
Infowars tells you Nazis are something you disagree with? Haven’t heard from them in a while. Would have thought they’d quietly drop the Nazis are evil thing.
I absolutely do. Spreading the idea that news sites are all propaganda and the only entities involved in this kind of practice is, in itself, propaganda.
I think they were referring only to American news websites.
You’re right. I wasn’t clear in my comment. Saying all US-news sites are propaganda is propaganda. I’m not sure how that changes anything.
They didn’t say that either. Where do you get this idea from that they’re talking about (all) US news sites?
They said “American propaganda websites”. That may include some news sites. It may also not include some news sites.
The most you could infer from their statement is that only American propaganda websites violate the GDPR.
Of course websites exist that violate the GDPR and are not American propaganda websites.
But the vast majority of websites commiting severe violations of the GDPR that an average European encounters will be American propaganda websites.
(Believe it or not, Europeans don’t often visit websites written in Russian or Chinese.)
It’s a lost cause, the EU circlejerk is too strong, as clearly everything is a utopia over there with nothing wrong.
GDPR is a good idea, but still very flawed in practice which they really don’t like to admit anything wrong for some reason.
Bruh he was just being unclear
claiming the GDPR is good =/= claiming the GDPR is flawless
It’s a synonym for socialism and it means everything that i don’t like
I feel like people would have responded to this meme better if you didn’t depict the European Union as an NPC
Especially compared to some scummy corps.
They’re the ones who made the law. Who else should have been in the meme?
People complaining about the cookie law don’t understand the issue.
The law doesn’t state that websites have to show a cookie banner. It states that if a website wants to track you with cookies, they have to ask permission.
You can get websites (like lemmy and wikipedia) that don’t ask for cookies, because none of them try to track you.
So if a websites demands cookies or they don’t allow access, it is a clear sign that the website only cares about your visit if they can invade your privacy for profit.
Meaning it will just be a dumb clickbait website with no decent content anyway, that you should just skip.
The businesses who are actually doing this shit and not the people actually trying to solve issues in the world lmfao.
So far I’ve only seen small US newspaper who did this. Is anyone angry about this?
There’s a medical website that appears in top searches (forget the name) that does it too but yeah, mostly seems to be news websites but not the big ones. In most cases Unlock Origin or the like can hide the panel they throw up to choose if you really need the info or archive or 12ft ladder can get you the info.
I think you’re referring to healthline: https://anon.healthline.com/
I dns blocked them after constantly clicking on the first result and it being their site. The “please enable cookies” wall started to get old fast
If only there was a way to store state of that decision…
That’s the one!
I love how my description of basically “it’s a website in searches” was enough for someone to figure it out 😄
I just happened to run into a few recently. Just venting some frustration.
https://www.tagesspiegel.de has no option to disable cookies without a subscription from contentpass. I think it’s contentpass’s business model.
Serious question: I know that there are tracking cookies and the user should be able to decline those,but most sites have an auth cookie that stores you’re credentials. The devs can store it in a different place like local storage but thats really unsecured.what can the devs do in this situation when the user decline all cookies?
The EU is not stupid. They categorized cookies into the necessary ones for site-usage and those that aren’t. So developers just categorize their session cookie (rightfully) as necessary and that’s it.
Cookies that are crucial for the functioning of the website cannot be disabled by the user.
well, they can be disabled by the user and the site simply won’t work.
He means they are exempt from the EU law that says the use must be presented with the option to disable it
The eu rules are mostly about unnecessary cookies. Most web devs just copied whatever everyone else was doing and now there’s this standard of having to accept cookies but the EU doesn’t really enforce it like that
it’s not up to the EU to enforce it.
not sure why you’re downvoted. of course member states enforce it.
Usually the prompts are specifically for tracking cookies, not essential ones for login. Alternatives without cookies:
- URL sessions
- Tokens
- OAuth/OIDC third party
- Local/Session Storage (ditto - mind the risks)
The GDPR is not “cookie law”, it only prohibits tracking users in a way not essential to the operation of the site using locally stored identifiers (cookies, local storage, indexed DB…)
Storing a cookie to track login sessions, or color scheme preference does not require asking the user or allowing them to decline.
What the dev can do if user decline processing of personal data is not store such personal data in cookies or anywhere.
Or even better, do not track the user so the consent would only be needed in for example registration form.
I generally agree with the statment under that image and it’s certainly a funny meme but also Illegal, sadly the enforcment is a joke but that’s not really the laws fault!
Nearly all of these are illegal, but sadly there is little enforcement when it comes to this. (Tracking must be opt-in, not opt-out. Ignoring a banner must be interpreted as declining. Opting out must be a simple option, not navigating a complex and misleading menus. The users choice applies to any form of tracking, not just cookies…)