You know those modal screens that interrupt your groove when you are surfing?
There are no laws forcing websites to use them.
They use them because they choose to.
Bite code!
Cookie banners are not only not required, they’re not even needed, and most implementations you encounter today are illegal anyway. You can use session cookies and anonymous stats cookies without needing any user approval. Companies like to use these cookie banners because they want to make you mad at the law, not at them for tracking you up the wazzoo, and people who actually do know better trot out the cookie banners to enrage you at the government instead of at the corporations exploiting you.
EU law only states that if a website wants to track you, they have to let you know. That’s it. Seems very reasonable to anyone who isn’t a corporatist.
“EU law only states that if a website wants to track you, they have to let you know. That’s it. Seems very reasonable to anyone who isn’t a corporatist.”
Not sure if I understand the distinction, but many websites that I go to have cookie banners that specifically allow me to turn on or off tracking cookies. So in those instances the banners would be required, right? And don’t _most_ websites use tracking cookies?
I disagree with the premise here that an obnoxious banner isn’t the best way for companies to comply.
“Silence, pre-ticked boxes or inactivity should not therefore constitute consent” That means to me that you need be obnoxious in how you present it to the end user to get consent for tracking. How else would you do it? The Do not track header doesn’t meet this guideline. You can’t use it to ask for permission to track. And that’s what the companies want. They want to track you. Its in their best financial interest to do so. They want to compel users to legally agree to be tracked. You can hide behind the letter of the way saying its not required, but thats being rather obtuse. The companies are behaving as would be expected to maximize their profits while adhering to the law. If this is something the EU does not want, it would need to adjust the law to change the behavior of companies.
The point he’s making is that most websites don’t have to personalize the data they are collecting. They mostly do because they are using services like google analytics, and those are all personalized. But that’s not required to make your website work. He’s criticizing the choice these companies make to put that tracking on their sites.
I understand that, but the banner is there because of the EU law requiring notice. The tracking of personal information is not a bug, its a feature for them.
If the goal is to reduce the tracking of users, I’d advise the EU to turn tracking of personal information from an asset to a liability. Tax on x number of tracked users and/or require a third party audit of tracked information.
The EU law does not require these sites to track users. You could say that because they are tracking users, they are required to put banners up – but you cannot say, EU law requires banners. That’s not how logic works.
CaptainN-,
Not every site needs cookie trackers, but many legitimately do…so how else would you comply? The law necessitates disclosure and the banners are the most obvious way to comply.
Anyway, I don’t think anyone is strictly right or wrong here, it’s a semantic difference more than anything.
Well, the article’s main point is that they don’t actually have to track individual users, across multiple systems. You can still get pretty good analytics without doing that – and you wouldn’t even need to set the banner. No one is forcing these companies to track individual users in the problematic way. They care choosing to do it.
There are much larger problems at play here than just user tracking. Yanis has a great book on the topic called, Technofeudalism: What Killed Capitalism
CaptainN-,
That’s fine to say, but this is the way things work and the ad model underpins almost everything on the internet. I’d argue that anybody drafting the laws should have realized this is the natural outcome of their legislation. Bill Shooter of Bul made this point already, but if they wanted a different outcome they should have provided some kind of incentive for a different outcome.
I looked it up, but didn’t find much information so I can’t comment on it.
“The EU law does not require these sites to track users. You could say that because they are tracking users, they are required to put banners up – but you cannot say, EU law requires banners. That’s not how logic works.”
Logic can also work this way, chronologically: all websites track users. Their business models exist around tracking and targeted advertising. The law requires websites to allow people to opt-out using a banner. Most websites therefor must, qed, have a website banner.
Sure, they can just not have banners. Which would mean completely changing their entire business model. You seem to suggest it’s just as simple as them turning off tracking. It’s vastly more complicated than that.
I don’t really care, really. I hate the banners and I hate tracking but I think it’s intellectually dishonest to try and suggest they can just … quit.
Again, no one is forcing these companies to have revenue models that buy in to another company’s ad offerings. That’s a choice they are making, over finding alternatives ways to generate revenue streams. And I get why that is – but it’s still a choice.
CaptainN–,
I still think it is a semantics argument. Many businesses won’t have much of a “choice” in practice. They’ve already been dependent on 3rd party advertising for over a decade and it’s proven to be one of the few business models that works on the internet. Most small businesses would not survive a switch to paying users. Putting up a banner is by far the easiest and most logical way to comply with the EU law. To simply hand-waive the situation and suggest that they can abandon their entire business model doesn’t do the situation justice.
Bill Shooter of Bul,
I think it’s best to assume all websites you visit are tracking you whether they tell you or not. The banner is redundant in this aspect and it’s useless information to me. However I agree with you, given the disclosure requirements of the EU law, I think the banners are somewhat inevitable. The lawsuits are forcing companies to use them to obtain consent. Not only that, but the lawsuits are dictating what options the banner must provide.
https://techcrunch.com/2022/04/21/google-to-update-cookie-consent-banner-in-europe-following-fine/
For the record, I’m glad osnews doesn’t have a banner, I find them much more annoying than useful. Technically though I think osnews would not pass scrutiny if audited since it does not disclose its use of trackers. IMHO client side browser based cookie solutions are far better than website based banners, we even have a “do not track” setting. but for better or worse this isn’t the way the law works hence all the banners.
We could remove all forms of ads (and thus tracking) if we managed to become entirely funded through Patreons and donations. Sadly, that’s a pipe dream for now, so in the meantime, this is it.
Note that I have no influence over how and which ads we run. That’s up to David, OSAlert’ owner. I am not involved.
Thom Holwerda,
I understand. I wasn’t passing judgement. It’s a tough environment.
The facility I did hosting in is closing down as we speak. Not only is it stressful, but it’s costing a thousand dollars in shipping plus travel into a new facility with 100% inflation on monthly costs. The financial strain on small businesses hurts.
I’d prefer anything to the google monopoly, but you do what you have to do. I know you guys already tried briefly to get direct sponsors and that didn’t exactly pan out. Of all the ideas I’ve had for osnews over the years, none of them generate money unfortunately.
@Alfman
Yes, it seems self-evident that end users should not rely on or trust commercial entities in the same way they trust a friend or associate.
The current use of the cookie banner is basically a lie to your face, “It’s like here I found your wallet”, while having a plan to pinch and empty it!
Exactly this… Many of these popups are obnoxious and make it as difficult as possible to opt out. What’s more most of them make you resubmit the form every time you visit the website (i suppose you could claim by not tracking you they don’t recognise if you come back?). Often “accept all” is a big obvious single button, whereas rejecting requires you to scroll down a huge list of ad providers and untick each one manually.
The DNT header seems an obvious thing – if you see this header then you should assume that the user opts out of _ALL_ tracking by default, don’t show them the popup at all but provide a link to the settings so that they are able to manually opt in if they want.
I don’t know if these banners are different from jurisdiction to jurisdiction?
From the US I see sites like stack exchange using them on every visit. They probably use them globally. Yet I’ve never seen one on a google property. I’m guessing google treat this as a regional requirement because I have to assume google’s european users are seeing them?
I don’t mind the popups. They’re an interesting and informative read to see what they use, and it’s interesting to compare it against the the tracking blockers to see if anything is missed on either side.
It’s a good thing when a site has a prominent option to only accept the ‘necessary’ ones, and it’s a negative for a site when they make that option hard to find or force you to go in and turn them off individually, or worse yet just tell you without any opt-out (and the worst when they have no notification at all)
It seems I have an unpopular opinion in this case though.
The1stImmortal,
I don’t mind the information being provided, but I think the implementation could have been much better. It’s bad that these banners intrude on the web browsing experience and offers little consistency from one website to another. A far better solution IMHO would be for information & consent to be provided in a standardized fashion. The browser could display it similarly to displaying an SSL certificate. The user could review/change their privacy policies for all the websites they’ve visited and what permission they gave. Browser extensions could help users manage their choices, etc. None of us would have to look at the in-page banners except maybe as a fallback mechanism.
Having a standard would not only provide a better, less intrusive, experience for users, but it also facilitates automatically scanning websites for compliance instead of every website doing things differently.
In principle I’d agree, but then you end up with something like Do Not Track where it’s both ignored and misused by web browser vendors and sites alike, and most users are unaware of it)
Putting it in-band on the website is at least difficult to miss.
The1stImmortal,
I agree, but that’s because it’s a chicken and egg problem, not because it wouldn’t work. This is exactly the sort of problem that regulators are well suited to tackle. Obviously if compliance were mandatory, more would comply
Welcome to OSAlert Corp.
https://imgur.com/a/7N0I34D
Thanks.
“Companies like to use these cookie banners because they want to make you mad at the law, not at them for tracking you up the wazzoo […]”
My thoughts exactly. And don’t get me started on “Legitimate Interest”. How long can you go before you just get sick of it and accept by default?