TikTok hit with consumer law breaches complaints across Europe (reuters.com)
220 points by giuliomagnifico on Feb 16, 2021 | 172 comments



Say there is this new law that forbids smoking inside public places (read: restaurants, bars, pubs). For the sake of the metaphor, say these places received some benefit from tobacco companies from having people smoke, so naturally they react to this law by reminding you in the most annoying ways how you cannot smoke inside because of those pesky lawmakers (and not because people really voted in favor of less smoking in public places). For example, by creating smoke-friendly spaces where allowed, leaving less and more cluttered space for the smoke-free tables; and giving priority to the orders that come from smoker areas.

This is the cookie modal. It's the pages that show obtuse cookie modals the ones choosing to follow an aggressive anti-user approach. The fact that seemingly ALL of them are aggressive or use obscure techniques only shows how ingrained this smoking problem was all around.

EDIT -- the thing about this comparison is that those things happened when they implemented the anti-smoking laws in my country. You would see smoke-preferential areas, or in most places which didn't make the cut to have one, customers were all angry because they weren't able to smoke a cigarette after their lunch. But give it time, and years later most if not all restaurants and customers have accepted the new situation, offering an overall better experience for everybody involved. And I think that's what will eventually happen with the cookie law now that the GDPR has made more obvious and annoying the whole process.


I had no idea what you were talking about until I read other comments about annoying modals and whatnot. I do not get these with uBlock Origin, and uMatrix installed. You should install uBlock Origin at least. If I disable it, I get that modal people are talking about.


I definitely don't see 99% of them, thanks to uBlock Origin with the "Fanboy's Annoyance" (which itself includes "EasyList Cookie List").

The other 1% is from websites which do break miserably when the cookie modal has not been actually accepted or rejected by the user, in which cases the uBlock filter needs to be disabled in order to be able to reject the thing.


I found that I often have to disable uBlock Origin to access a website. Most of the time I just avoid the website, but there are times when I cannot do that (must access the site).

Sometimes I can disable, get on the website, then enable again, and it works (after refresh). I use it to block elements on Discord, for example, which did not run with uBlock Origin enabled initially (from what I recall, that is).


> But give it time, and years later most if not all restaurants and customers have accepted the new situation, offering an overall better experience for everybody involved. And I think that's what will eventually happen with the cookie law now that the GDPR has made more obvious and annoying the whole process.

I really hope that, but right now, I'm not optimistic. With smoking and restaurants, even if the tobacco industry was involved to some extent, it was not singlehandedly funding the whole restaurant business. The main business model of restaurants - people pay to have great food, drinks and a good time in general - is independent of smoking. In contrast, a large part of the modern web seems to be built on ads and tracking as its very foundation.


I agree that's where the metaphor falls short... I wanted to talk about how these big changes in regulations, affecting how mostly everybody had been doing business until that moment, tend to be strongly rejected by affected parties, but they tend to be worth it in the long term, and people end up getting comfortable again under the new rules.

But you're right that in this case the problem is that most websites have been "cheating" by supporting themselves on shady stuff, and now that rules and laws are being reviewed to cut this possibility out, here comes the crying.


I recently spoke with an older brother of a young man, about 13, who is heavily addicted to TikTok. His brother told me that he has been skipping school to stay on his phone, and that when his phone is taken away, he flies into a screaming rage, and runs down the street barefoot.


I don't know, but don't you think perhaps there's a reason other than being addicted to an app that makes said younger brother want to be hooked to his phone all day, avoiding things like school? Perhaps it's just an avenue to escape something.


I really like this comment. Very rarely do people understand that there are reasons for people seeking escape. All addictions seem to be a way to deal with some issue they are facing. If the root cause is fixed, the problem should be solved. People would rather blame technology rather than understand human beings. It's an easier route to take.


Might be, but nevertheless technology makes those problems worse and is optimised to exploit individuals who are already vulnerable.

As another example, many F2P mobile games have the concept of "whales", individual players who invest absolutely unwarranted amounts of money into a game. Is this healthy player behaviour? Of course not and no game dev would say it is. Is there a majority of players who manage to play in a healthy way? Usually there is. Nevertheless, a significant part of funding for those games comes from the few whales, so the game only works as a business because some players get addicted to it.


Sure, I think it is possible. I do not know the situation very well. It is not the first such case I know, however.

My friend's young 4-5-year-old, for example, the child of two model parents, has had similar behavior. Her screen time is very limited, but once there is a smartphone or a tablet in sight, she's inconsolable.

She does not use anything like TikTok, just watches some parent-curated videos.


Strangely enough, it's my friends who can't seem to have a good time without drugs who've told me how great tik tok is.

In response, I shared some medium form (10-20 min) educational video essays on YouTube about whatever I thought they'd be most interested in as an example of media I trust. I could tell my friend understood the difference, but also was never going to admit his tik tok feed wasn't just as productive.


Does he get very far?


Probably not... I think he comes back pretty quick. It's cold outside in these parts, and he's still just a kid throwing a temper tantrum, after all. I didn't get many details, was only a short chat. I was shocked by the story though. I don't recall being nearly as attached to anything as a kid.


The report on which the BEUC complaint is based: https://www.beuc.eu/publications/beuc-x-2021-012_tiktok_with...


How does TikTok moderate their content anyway? Do they just have a massive amount of people scrolling through user reported videos looking for violations?

Being primarily video based and having the lowest barrier to upload seems like it would be a recipe for disaster.


Video upload may be instant but the video doesn't get indexed without a review.


Clubhouse is next? Their ToS doesn't look EU-compliant either


Meanwhile the Biden administration decided to pull back any restrictions on TikTok in the US.


Can't upset our Chinese overlords. Say what you want about Trump but at least he was willing to stand up to China.

buT AmEriCA is BaD toO. Yeah but we don't have concentration camps for people right now. I think I'll take the US.


As I click my 10,000th cookie modal to read this article, I am forced to ask if this legislation has made my web experience better in any way, to which the answer is a resounding no. I understand the importance of it, but please prioritise revising its shortcomings rather than doubling down on being the most tech-hostile region in the developed world.


As clear as can be yes.

Now you know which websites are willing to absolutely ruin your experience just to abuse you. The implications can be seen pretty much everywhere in society, it is a momentous step in the right direction.


Exactly, this just brings to light how little most companies care about their customers.

Not saying the legislation couldn't be improved, though.


What would you improve?

I think what happened when Brexit went into full effect was pretty telling. Both Facebook and Google were on their toes to get back to abusing the data of UK citizens. There's much to be gained.

https://www.theguardian.com/technology/2020/dec/15/facebook-...

https://www.reuters.com/article/us-google-privacy-eu-exclusi...


That was meant more as a preliminary defense as I saw other people complain and don’t know enough to defend the specific legislation.

But damn, that is indeed a pretty good indicator that it’s working as intended.


It's also interesting to see how Google has reacted to this. Them being the owner of Chrome, they could have implemented a new API in no time which would allow advertisers to use an alternative to cookies. An API where I as a user can define my preferences regarding targeted advertising, and the site owner can query these preferences.

An API where advertisers can also store advertising-ids and more site-specific, tracking-related settings into (if the user grants this permission), giving them the possibility to move away from the use of cookies for this purpose. Then it should become obligatory to not use cookies for tracking and ad-related purposes.

There are cases where 3rd-party cookies are important, and I'm a bit afraid that Google wants to remove them altogether.

I personally don't care about non-personalized ads. If the advertisers see that it makes no sense to offer me a random ad, they may start looking at the context of the page where they are serving their ads, in order to serve me a bit more relevant ads. Then again, there are others who absolutely love personalized ads. So this solution would be a fair offering to the advertisement industry.

This API could even be so advertiser-friendly that the user could even specify categories of interest so that the advertiser doesn't have to guess through tracking.


It sounds like you're describing https://github.com/WICG/turtledove, which Google is definitely working on.

(Disclosure: I work on ads at Google, including the seller-side of Turtledove. Speaking only for myself.)


Didn't they try, and got hit for antitrust?

ETA: https://news.ycombinator.com/item?id=26018928


I assume the key aspect here isn't to provide an alternative storage mechanism (since the cookie laws aren't actually about cookies themselves, but rather storage), but rather to provide a mechanism with clear and centralised user control. Users must opt-in, so it's good in the eyes of the laws, but the advertisers get the benefit of easy legally-compliant tracking when a user allows it.


But the worst offenders just have a simple “we use cookies” banner; the ones that give you the most choice are often more intrusive.


The best are ones which just give reject all cookies option (of course they still use strictly functional cookies). And I always thought that is how it should be, both extremes should be equally easy to choose.


The best ones are the ones that only use functional cookies until you do something active (like check "remember me" on a login page), thus negating any need for popups etc at all.


This is the correct answer. Non essential cookies should just be turned off by default and should only be enabled via normal navigation through a website. Your ‘remember me’ example is a good one. Thus, no banners are required, ever. This is the exact approach Github went with.


The best ones are the ones without a cookie banner because they only use cookies that don't need consent, i.e. the strictly functional ones.

One issue I do see with GDPR (or its consequences) is that a market participant that only sets those strictly necessary cookies actually now gets viewed by some as iffy, because they don't ask for consent.

Basically, the industry standard of treating users (paying or not) like shit has normalized this sort of abuse/harassment so much that "the good ones" stick out in a bad way.

None of which is meant to discredit GDPR though. If anything, I'm looking forward to more case law like from last year in Germany, where a dark-patterned cookie banner was ruled to be so misleading that it didn't constitute informed consent anymore.

The GDPR is lacking enforcement, if anything.


Most of those "strictly functional" cookies aren't strictly functional either.

I block ALL cookies and many of those sites with "strictly functional" cookies still function, which means that those cookies aren't necessary.


Strictly functional cookies don't mean the site doesn't work without them.

It does mean e.g. clicking "°F" every time on a weather site, because you're an American living in Europe. A strictly functional cookie could remember that choice.


My favorite was a record label with language like “I don’t want this” or something similar.


I agree, I think it's better to just leave and spend my time reading a different website.


Many sites ruin your experience because they don't know any better. GDPR is perceived as a Sword of Damocles by many smaller and medium sized companies and they will annoy you with elaborate consent solution for which they are paying a ton of money even if they most probably wouldn't need to do it.

For the big players it is easy. They often don't annoy you with consent banners because:

- they have legal departments that understand GDPR and protect them (e.g. GitHub)

- they require your login and therefore have your consent anyway (e.g. Facebook)

- they can afford to skip Cookies because they have elaborate fingerprinting solutions

- they just ignore the law and risk being sued (e.g. Germany's Spiegel Online)


> they don't know any better

There is a ton of literature about how it should be done, there has been enough press for anyone to be aware that it's a serious subject that needs to be studied, and small companies will often consult with external legal advisors because they can't afford to get on the wrong side of the law on this aspect.

I've participated in a ton of these discussions in small and big entities, basically every time a new service is launched or significantly changed.

In my opinion it's pretty close to handling your finances: you don't go through all the hoops to pass your holiday rental as expenses just because you didn't know better.


> because they can't afford to get on the wrong side of the law on this aspect.

Conversely, some can't afford to get on the right side of the law on this aspect. In our case, we had ~15 customers in the EU (out of ~2000), totaling $2,000/mo MRR. After talking with our legal counsel, we decided to exit the EU market entirely. Our business model was a simple niche B2B SaaS. We never sold, shared, or traded any data of any kind.

When we fired our EU customers, they were very upset! They assumed we were doing something "shady", which wasn't the case at all. The regulatory burden simply wasn't worth the relatively small MRR. The quotes provided for a third-party DPO was higher than our revenue in the market, and the only other option was for me (an overworked founder) to take on that role, and I valued my time higher than that MRR.

Those customers lost out, because after we exited, so did every other player in our niche. Nobody wanted to deal with it.


Cool! Care to share the niche?

P.S.: no opportunity is lost. There is always someone else who seizes it. :)


"P.S.: no opportunity is lost. There is always someone else who seizes it. :)"

I'm sure these corporations want a random person in HN to provide service to 12 customers?

It's false to suggest that material barriers to providing services are only contextually relevant. It's a permanent tax and it's real.


Is there no open source effort to make this easy? Or is it one of those instances where people want to do it but don't want to take the legal stands (which is completely understandable).

Edit: Also if you are not selling/using this data, why can't you remove everything but session cookies? Please note I'm not a web developer so the answer can just be because it's too much work.


For us, the issue wasn’t a technical one. It was a human one. Our lawyers said we had to appoint a “Data Protection Officer” whose job it is to respond to requests from EU persons to delete their data. We were a small company and everyone had enough on their plate as it was. Adding more work to keep <1% of revenue wasn’t worth it.


I think I can count on one hand the number of right-to-be-forgotten requests the team I work with has ever received in the last three years (with 15x the users). We've had a couple more subject access requests than that, but we'd already shipped pretty comprehensive self-service tools for retrieving data that met the vast majority of our users' needs. This doesn't seem like an unreasonable thing to expect a service to offer, IMO.

I would argue that the duties of a DPO are not more work than a small company could handle and indeed, it's slightly odd to me that a small company would think that a small handful of data erasure requests or subject access requests are a) somehow difficult to do given 30 days notice and b) somehow consume more time than the profit left over on $24k revenue buys?

Most companies here in the UK just take it in their stride and have no problems complying.


Unsure of how you extrapolated the total number of users from my previous statements. We were a B2B SaaS where our customers each served 10,000s of end users, who also had access to our platform with their data stored within. In aggregate we’re talking 25mm+ total users in my case.

At the time, being that the DPO role was new we didn’t know how many requests to expect. And while the law may allow for 30 days, our customers wouldn’t take it well if it took us longer than a couple days (our customer service SLA was 24 hr first resolution time). Their customers would complain to our customer who in turn would complain to us. If we make our customers look bad, we hear about it loudly and clearly.

To each their own, I suppose. From my perspective as an overworked founder, with a small team, growing at >200%/yr, we didn’t see the need to take on additional work just to maintain a very small revenue stream.

I don’t fault companies for wanting to remain in the EU market, but for us, it didn’t make much sense at the time as our real growth opportunity lay in the US/Canada (mostly due to consumer habits in the region).

I have no issue with the spirit of GDPR, and as a human, I support it personally. But, for my business at that point in time, it didn’t make economic sense to comply, so we left.


> Unsure of how you extrapolated the total number of users from my previous statements. We were a B2B SaaS where our customers each served 10,000s of end users, who also had access to our platform with their data stored within. In aggregate we’re talking 25mm+ total users in my case.

Doesn't that make you a data processor rather than a data controller - i.e. not at all your problem for your end user's end users?


> There is a ton of literature about how it should be done, there has been enough press for anyone to be aware that it's a serious subject that needs to be studied, and small companies will often consult with external legal advisors because they can't afford to get on the wrong side of the law on this aspect.

Companies relying on information from literature, the press and from external advisors is part of the problem.

All these parties often have motivations that are not necessarily 100% aligned with their clients. In the best case they are just overcautious because they don't enjoy the same protection as lawyers. In the worst case they sell GDPR products or profit indirectly from the sale of these products.

All that most companies need is advice from a lawyer that understands GDPR and acts in their best interest. That alone would kill a good deal of cookie banners.


> they require your login and therefore have your consent anyway (e.g. Facebook)

Requiring you to login doesn't automatically mean consent. In fact, the laws state that you cannot make consent a requirement for using the service. You can do login without needing any consent, as cookies needed for functioning of the site are exempt, but even if it wasn't the case, opting into some doesn't automatically opt you in to all.

> they can afford to skip Cookies because they have elaborate fingerprinting solutions

The law isn't actually about cookies at all and rather about tracking/storing. Things like localstorage are counted the same as cookies. I'd have to check the exact language, but I wouldn't be surprised if fingerprinting isn't against the cookie law too.


> they have legal departments that understand GDPR and protect them (e.g. GitHub)

Funny coincidence that you picked GitHub since pretty much to the day two months ago that they removed all non-essential cookies https://github.blog/2020-12-17-no-cookie-for-you/

No cookie banner is required for session cookies etc.


> - they can afford to skip Cookies because they have elaborate fingerprinting solutions

This is really just a special case of your last point. As far as I know, there is nothing cookie specific in the GDPR.


That's because the "Cookie Law", whose real name is the ePrivacy directive, is separate from (and predates) the GDPR.

This directive defines in (24) [1] : So-called spyware, web bugs, hidden identifiers and other similar devices can enter the user's terminal without their knowledge in order to gain access to information, to store hidden information or to trace the activities of the user and may seriously intrude upon the privacy of these users.

The definition is broad. Do server-side fingerprinting solutions fit into it? Maybe not in the letter of the law, but at least in the spirit. Until a court decides either way, we won't know for sure.

[1] https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...


How so? Almost every single one uses cookies and I press I agree anyway because otherwise I'll be off more than half the internet.


HN doesn't seem to have a problem, thus showing sites in general don't need to have a problem


HN is unique in that it doesn't have or care to have ads. Same for GitHub and websites owned by big companies that don't depend on ads as a primary revenue source.


I'm slowly starting to stop using these sites because it turns out that half of the internet is clickbait misinformation trash run by people who do not care about my privacy and who want to suck up as much data about me as possible. It's difficult sometimes, mentally, but I feel like my life is better without these garbage sites anyway. I now spend more time playing guitar, that I used to spend on the internet.


Ignoring the fact the vast majority of users never noticed, never cared, and still don't care but not robotic like click away the warnings.

I am not dismissing the need to let consumers know how their habits and information are used; I am merely stating that many here overreact on behalf of people who really could care less, they just want their content.


Whenever I read such comments I'm reminded of the fact that many Indians did not want independence from British Raj. Many people actually made similar arguments, that Indians don't really care, but I'm glad those people didn't win the idea war.


> Now you know which websites are willing to absolutely ruin your experience just to abuse you.

Which is absolutely all of them. I guess the legislators wanted the popups to be annoying so publishers would be forced not to import their party scripts. Turns out publishers can’t stay open without the ads that pay their bills which means popups are the new normal, to the point where when I see a website that doesn’t have popups I suppose they are just in violation of the law. Thanks EU!


No, the legislators didn't want the pop-ups to be annoying. They didn't even require pop-ups.

Who wants the pop-ups to be annoying and riddled with dark patterns are the ones implementing it, exactly to cause this kind of reaction in you so you start hating the law, not the ones who are trying their best to skirt around it, to find the loopholes and abuse them. To make your experience as poor as possible while being compliant so you will focus your hatred on the ones who wrote the laws.

This is part of their game, make the experience miserable so people start getting angry at politicians.

Don't fall for that.


[flagged]


Cookies can be easily blocked, but blocking tracking in general is much harder https://coveryourtracks.eff.org


This sounds like victim blaming to me.


If you knew the law then you wouldn't say how bloody stupid it is.

It isn't perfect, at all, but no laws are. This is a major milestone for the discussion of data privacy and pushed the world into that, it needs to be worked, of course, but that's how laws work, they take time to evolve.

As someone who has had to work on several GDPR compliance initiatives I don't think it's bloody stupid at all, no matter how much more workload it has created for all the teams I helped to implement it. It has quirks but it's in no way bloody stupid.

I'd prefer if you can list your arguments for being bloody stupid as just stating that does not develop any kind of healthy discussion, it's your opinion and judgment of value, with no supporting argument. Good luck with that, victim-blaming is corporate-bootlicking.


> I know the law and how bloody stupid it is.

If you knew the law, you wouldn't say it was stupid

> Third party cookies and ad blockers are configurable in your browser, if you don’t configure them then it’s your fault.

Ah, the victim-blaming begins. No, it's not my fault that ad companies willy-nilly collect any and all information and sell it to the highest bidder.


"No, the legislators didn't want the pop-ups to be annoying. They didn't even require pop-ups."

This is the point: the legislators were exceedingly naive, and created a bad outcome.

'National Geographic' is not evil, they are struggling and most of these sites are not giant entities with well-staffed experts.

It's a good example of poorly designed legislation.

"This is part of their game, make the experience miserable to people start getting angry at politicians."

This is completely false and conspiratorial, almost disturbingly so.

These are normal companies, with normal people, pragmatic policies.

The legislation has unconditionally failed at least in this specific way - all we have now are constant popups. That's the reality of the change.


The spirit of the law dictates that:

- The default option of consent is opt-out.

- Opt-in and opt-out should be equally easy and accessible.

Tell me how a company who would be trying to be ethical and follow this spirit would come up with the current pop-ups.

Don't blame the legislation for allowing dark patterns to be used due to loopholes or failure to predict all possible clever tricks to circumvent the spirit described above.

It hasn't unconditionally failed, the pop-ups are still there and I opt-out of every single one of them.

Except one: schneidersladen.de - they follow exactly the spirit of the law, I put the bar there.


> 'National Geographic' is not evil, they are struggling and most of these sites are not giant entities with well-staffed experts.

There's a very simple solution: respect my privacy and don't store or sell data about me. If you only use cookies necessary for running the site, then you don't need to do anything.

If you must track me, then do as sibling commenter said. If you store privacy-invading data about me, then you damn well better know the laws and if you don't, then sorry, you can't track me on your website.


This position is somewhat naive because it does not follow through with the consequences of the actions: you missed the part where there is no National Geographic - and you don't get any content - in the most ideal scenarios from the user's perspective.

The business model of the internet is advertising, as of today, that requires cookies, which by the way, don't represent material harm.

Also - your specific view is in no way representative of the population at large. 'Most people' would rather remain completely private at the same time, they would forgo at least some degree of privacy for the option.

Given the choice of a:

a) No content

b) Constant popups

c) The previous imperfect norm but where people can get their content without hassle ...

They would choose option 'c' - hands down.

The effect of legislation is to create popup hassles for individuals that they never read - and to provide no real material improvement for people.

What they could have done instead.

i) Orchestrated cookie-free advertising exchanges and solutions

ii) Created privacy 'categories' and relevant rules and symbols, like movie ratings - and a symbol could be placed prominently on the site so consumers have a quick and easy mechanism to know where they stand.

iii) worked with other nations and groups to arrive at consistent standards. With Canada, Australia, Japan on board, it might be very well possible to convince a Biden-led USA to buy into some kind of standard.

What we have now is not pragmatic and it's ill conceived.

This would all go away if users were willing to fork over 5 cents to read an article.


> I guess the legislators wanted the popups to be annoying so publishers would be forced not to import their party scripts.

Nope, GDPR is pretty clear on this point. All they want is informed consent. GDPR doesn’t care how you get it.


I see this mindset a lot but I don't really get it. You'd rather blame the legislation for forcing the websites to disclose all the tracking that they do instead of blaming the websites for tracking you in the first place?

I'm very happy that I can at least click "say no to all" when I get to a new website. Hopefully if enough people do that, they'll realize that the current approach is counterproductive and switch to a different model eventually.

I don't know if you've ever bothered to go through the list of "third parties" you can now opt-in to track you, but I'm frankly amazed by the sheer number of them. Literally hundreds. Before the GDPR I knew that I was tracked online, but honestly I underestimated the scale of it all. Apparently hundreds of companies around the world used to track my every step online. Good riddance.


Wouldn't it be easier to just disable cookies in your browser then? And you can re-enable them on a per-site basis if you think you need them.


I'm using Enhanced Tracking Protection set to Strict, and I still get cookie banners. Is there any difference between saying "Allow All" and "Reject All"? Will "Reject All" reduce server-side tracking and sharing of information among data brokers?


The problem isn't the legislation but its lack of enforcement. The legislation itself explicitly prohibits annoying/misleading consent prompts.


I disagree. Pop-up fatigue causes people to just click the button that will get them to their content the fastest. While some people might dive into trying to opt out, when you get these pop-ups on every other site, many people are going to click the easiest button to make it go away. This is a poor law because it has to be done on every website.

I think it may be better to have this as a decision the user chooses once within their browser, and the browser can then pass along the intention to the website. There can maybe also be a third option where the user could then choose on each site, and the browser would show the choices, rather than the website itself. This would standardize the UX around the issue.


The law is that it needs to be as easy to reject cookies as it is to accept them. Ergo, "people are going to click the easiest button to make it go away" indicates a failure to enforce.

I agree it'd be better handled by the browser than each website, though.


My interpretation of that is that at least two buttons are required: a close (or “reject all”) button, and an “accept all” button. Websites would then be free to add a third “customize” button if they wish.

Unfortunately, many websites that I’ve seen have only “customize” and “accept all”. And the customize pane then contains dozens of preselected checkboxes (which, AFAIK, isn’t allowed, but I digress). Each checkbox is for a separate tracker I need to disable before clicking “save”.

The problem is absolutely the lack of enforcement.[a] If it was being enforced better, these sites would be fined until they fix themselves.

[a]: Yes, I’m aware that it is being enforced. I’m complaining that it’s not enough.


> Pop-up fatigue causes people to just click the button that will get them to their content the fastest.

And why is that button allowed to be the "Accept Everything" button? There should be two buttons, equally easy to find and press.


GDPR is not only about the browsers, it is applied outside of tech too; it would be weird for the law to define browser standards, desktop app standards and mobile app standards. Developers should do their job; those W3C guys could decide how to handle this and not force politicians to decide for them.

Sure some people will click accept but some of them will know who is the actual bad guy that sends their data to 100+ third parties and what websites are respecting them or at least respect the laws.

I agree that browsers could do a better job, maybe implement a shit list, put all shitty websites there and ask you only once if you want to accept to allow these bastards to track and sell your data or if you want to open the website in a special container. Then if you decide to use the container the browsers should try to do their best to limit the tracking, maybe by blocking requests to the trackers, clearing caches often, disabling some features that could fingerprint you and if it works just disable JS.

But who knows, maybe we will have to pass laws to force the popups to use certain fonts, colors and input types because the majority of websites are evil.


> This is a poor law because it has to be done on every website.

The law doesn’t require this, it only requires informed consent.

> I think it may be better to have this as a decision the user chooses once within their browser, and the browser can then pass along the intention to the website. There can maybe also be a third option

This would be an allowable approach under GDPR. Someone just needs to build it and make it happen. Unfortunately the “do-not-track” debacle shows that ad companies aren’t interested in playing ball. Hence our current mess.


The fact that you need to download an _opt-out_ plugin to disable Google Analytics from tracking you is a prime example of failing enforcement.


> The legislation itself explicitly prohibits annoying/misleading consent prompts.

What does a non-annoying prompt look like?


A non-existing one, you go to your settings to enable it so they can track you.


There are more or less annoying prompts however. With the latter kind I could coexist.

Instagram has the most annoying one ever, if I stumble upon it by accident I am so annoyed that I need to count to 10. And I am not even using it, it's just a random click.

The far less annoying popups are barely noticeable and do not block/fade content or have missing options like "NO, I don't want cookies, let me in".


Legislation is problematic too. I can't be bothered to make a decision about storing cookies every time I visit a website, so I click yes every time without reading.


If the legislation were to be enforced, you would click "no" every time without reading.


Or just ignore/hide the banners, which by GDPR, may not be interpreted as consent.


Perhaps, but legislation should be designed carefully so that it can be enforced in a meaningful way


Having to go through a menu of a few dozen items to see & choose what you'll allow to track you is annoying, but so long as sites are willing to track you in dozens of different ways there's really no way around it.

Sites win because exercising your privacy rights even under the GDPR is an inherently annoying thing to do.


> Sites win because exercising your privacy rights even under the GDPR is an inherently annoying thing to do.

Under GDPR:

- only cookies and data strictly required for the site's functionality don't require consent

- collection of any other data requires consent

- pre-ticked boxes, lack of "reject all" button, leading the user to click "allow all" and similar dark patterns are not consent, and are, strictly speaking, violating the law.

See? exercising your privacy rights under the GDPR should be extremely easy. Too bad the law isn't enforced vigorously enough.


There's a way around it: uBlock Origin, a few extra filter lists, and a block on third party cookies.


The law wasn’t designed to make your web experience better, or worse.

It was simply designed to make it easier to exercise your right to privacy, by forcing companies (and by extension their websites) to get informed consent before they invade your privacy.

There’s many reasons why we’re in our current mess, but I don’t think making companies get informed consent is “tech-hostile”. It’s privacy invading hostile, and if privacy invasions are now synonymous with the tech-industry, then as an industry we need to take a long hard look in the mirror and decide if we’re going to continue enabling this behaviour, or find other business models that don’t rely on trampling the rights of the ignorant or uninformed.

I honestly don’t understand why people take such an issue with the concept of informed consent. It’s one of the foundations of a free and equal society.


> I am forced to ask if this legislation has made my web experience better in any way

If it were as hard to opt-in as it is to fully opt-out, or as easy to accidentally (and permanently) opt-out as it is to accidentally (and permanently) opt-in, then there might be a case for something other than the sites and/or their partners being the problem.

The legislation does not in any way force sites or their partners to make your browsing so inconvenient if you don't want to just click "accept all from all with or without lube". They could implement a small non-modal active-opt-in option; they instead chose to implement labyrinthine modal hunt-the-231st-opt-out adventure games.


The website could have chosen to make your experience better by showing you 0 popups. EU isn’t involved in the quality management of web experiences.

To do that, of course, the website would need to stop sending your latest IP address, your unique identifier, and the information that you’re a techie interested in Tiktok to all ad agencies and data brokers.


Well… if GitHub could fix their cookies so that they do not need to show any more modals, some of those 10,000 could too.

https://github.blog/2020-12-17-no-cookie-for-you/


Blame sites that show cookie modal even when they use cookies only for auth or just tech stuff

Also what if big companies want to make your experience as poor as possible in order to make you think that this law sucks?

Maybe using private mode in browser is making your experience even worse?


> I am forced to ask if this legislation has made my web experience better in any way, to which the answer is a resounding no.

I actually find myself digging into the settings that are offered to click on "Reject All" where possible. I wish my region had the same data protections :-/


Reject third party cookies coupled with session only cookies works pretty well though.


Where's the "reject server-side fingerprinting"?


Well, it is better, since I assume that you don't click "yes, allow". If you would, you would likely have a cookie saying "he/she is ours" with a lifetime longer than the heat death of the universe. If you dare to click no, that's when you get 10k options and opt-outs and have to send a fax to someone's grandma.

The root cause of your experience being worse is not the legislation, it's that the site doesn't follow the intent/purpose of the law. They want to annoy you until you click "yes".

They could simply present you with a yes/no modal once and be done with it, but they choose not to, hoping that they will break you down with time.


> They could simply present you with a yes/no modal once and be done with it

Any extra modal, as simple as it might be, leads to a really bad user experience and wasted time.


Then don't place cookies that aren't necessary for the delivery of your service. There, problem solved!

If invading your users' privacy is more important than your site's user experience, then the blame is on you, not the legislation.


No, legislators don't get to ignore the unintended consequences of the laws that they implement.

This applies to all laws that are passed. A frequent criticism and problem of laws is that there are often unintended consequences. And that is the fault of the law, that they did not consider the unintended consequences.


I agree, don't publish a law that you can't or don't know how to enforce.

What they should have done is made a public tool that checks your website and says: yes this site is GDPR compliant or no, it is not because A,B,C.


Get the Sticky Ducky add-on[0] for hiding fixed overlays, and add Fanboy's Cookiemonster list[1] to your adblocker of choice.

[0]: https://addons.mozilla.org/en-US/firefox/addon/sticky-ducky/

[1]: https://github.com/ryanbr/fanboy-adblock/blob/master/fanboy-...


They are reworking the cookie law, it's just a complex piece of legislation. They are aware of its shortcomings, and want to tackle them through an enforced browser setting.

https://ec.europa.eu/digital-single-market/en/proposal-epriv...


> This will ensure that these popular services (WhatsApp, Facebook Messenger and Skype) guarantee the same level of confidentiality of communications as traditional telecoms operators.

Sounds very ominous, don't law enforcement agencies have access to the "traditional telecoms operators" data?

On topic, a Do-Not-Track header setting that automatically opts-out of everything and the new "legitimate interest" trend, would be awesome.


I refuse to click them, and just let them hang there. If I can still read the article, great. If not, I leave the page.


Reader mode


Here's the thing...

There are a number of ways I can get to that content.

However, I don't think the content is worth it.

I've found a very strong correlation between low-quality content and low-quality presentation.

When I see a site which pulls this kind of crap or requires several megs worth of JS just to display text, I just assume it's low-quality content and move on.

Sometimes there are exceptions, but they're rare.


With the cookie modal you start noticing which sites don't have it (and there are a couple)

And sites can still provide ads. Google still provides ads to me with customizations turned off.

So yeah, I'm pretty bothered by them as well but I know where the blame lies


> I am forced to ask if this legislation has made my web experience better in any way

Yeah, and women's suffrage caused longer lines at the polls because more people vote so you would have to wait longer. It's not about the experience, it's about your rights.


I think that they should've included something into the law, that makes it possible for a browser to automatically signify how a user wants their data to be used; for browsers to offer some interface to control these choices, and force websites to automatically accept these choices. I'm hopeful something like that will come around sometime. I think some browser (looking at firefox or brave here) needs to perhaps offer such an interface first, so that legislators could pick it up and make a law that'll make it possible to enforce compliance.


There is work underway to improve the cookie modal situation: https://ec.europa.eu/digital-single-market/en/proposal-epriv...

Please also remember that the GDPR is also applicable outside the internet, and protects people from IRL data gathering.


At least, now you know. Companies can choose better user experience if they want. What's your opinion about Apple vs Facebook?


I, sometimes, think we could be a lot more developed (tech-wise) without regulation but... we got to the point when they are needed, badly.

Dark patterns, web wide tracking, anti-consumer features, vendor lock-in, you name it, are all over the place and common practice and not there to help/protect consumers.


I'm all for hostility to tech that's unnecessarily invasive and privacy-destroying.


I feel the same, the web is built around standards, and the fact that there is no standard for this central "feature" is a real pain to deal with every day. If I had the time I would build an auto-reject browser plugin.


Training older people and non tech literate people to just randomly click yes on every website has to be one of the greatest fails of the GDPR. I would say that people are even less safe now. Cookies, while annoying and privacy-eroding, never hacked someone's system like clicking yes to installing God knows what malware will do. We had just trained everyone to not do that.


Since this law came in effect, I'm allowed to opt out of tracking, download my data, and request its deletion. If that wasn't the case, that data would still be held hostage by various services.


In uBlock Origin, there are optional annoyance filters that are not enabled by default; those get rid of a lot of the cookie banners for me.


How is this relevant to the article?


"Privacy conscious" need not be "tech hostile".

Personally I feel the problem arose from trying to write extremely generalist legislation in the GDPR without actually addressing the economic incentives OR mandating a technical solution.

Mandating a technical solution such as "respect the DNT header" would have the disadvantage of limiting innovation, but would have forced a clear division of websites into "you can't browse here without turning DNT off" and ones that actually worked properly.

Alternatively, just straight up banning the browser-targeted advertising practice would take away the economic incentive to do this kind of nonsense. That would force the "how do we get paid" question again, which remains awkward.


Or developers can stop using cookies on their website


That law is a very bad execution on a very good idea. Simply making adherence to a do-not-track header mandatory would have solved the same problem without annoying anyone.


Title wrong as it's EU - not Europe, but many confuse and transpose them - even though they are not verbatim.

EDIT Add - Europe is composed of 44 countries and the EU is composed of 27 from those.


The complaints are coming from BEUC, which is not only composed of EU countries. So writing EU would be wrong.


> Europe is composed of 44 countries and the EU is composed of 27 from those.

And the BEUC is composed out of 32 of those.


Europe being a superset of the EU, the title is still technically valid; it's "across [some] Europe [countries]".


> Title wrong as it's EU - not Europe, but many confuse and transpose them - even though they are not verbatim.

No different than European publications seeing something happening in a small town in a small county in a rural part of Texas and writing "Look what's happening in America!" headlines.


Two wrongs don’t make a right.

Even so here is the “across” definition by Oxford Languages: from one side to the other of (a place, area, etc.).

Doubtful it’s even correct if we replace it with EU.


I have always promised myself that if I become a billionaire, I will simply stop providing services to municipalities or countries that create arbitrary laws that make it hard or difficult to do business in. Honestly Google should have just boycotted Europe for a week and seen how well everyone handles not having gmail, google, or anything.

California is particularly onerous about all sorts of stuff like labelling everything as cancerous even though you'll probably need to spend 60 years licking the plastic bag labelled as such, or GDPR which required thousands and thousands of man hours at my last job when we weren't in Europe, the law was legally unclear, etc. Or the stupid cookie banners which guess what - do nothing.

edit: another example was at working at a cigar shop where we could happily sell individual cigars and ship them, we could sell boxes of cigars, but we couldn't sell pre-packaged mix and match bags since, well you know, they weren't individually recognized and regulated skus (even though their contents were) and we just decided to drop that program. It's a shame, mix and matching cigars is great. PROP 65 Warning: smoking kills you.


> Honestly Google should have just boycotted Europe for a week and seen how well everyone handles not having gmail, google, or anything.

I think the EU would have loved that. There are perfectly viable alternatives to pretty much everything that Google offers, some of which were created in Europe. They just never gain any traction because it's convenient to just use Google for everything.

I still use Gmail and Google Calendar at the moment, but that's primarily out of inertia. The biggest thing I'd miss would probably be search, but even for that there are reasonable alternatives.


Out of curiosity, what are the European alternatives to GSuite?


The biggest competitors are obviously not European (eg. MS, Fastmail) but there are smaller companies like mailbox.org that offer less polished but functional alternatives. I'm not saying that those would be a perfect replacement for everything that Google offers, but they get close enough that they might do the trick for a large number of people (which would then give them the income to make further improvements to their platform).


LibreOffice, to some extent. But more pertinently, the Czech search engine Seznam[1], founded in 1996, was the most used search engine in the Czech Republic until Google took over in 2014 due to the influence of Android. Seznam is well diversified and it shouldn't be difficult for it to expand into other markets given the opportunity. It is a major regional player in search, maps, email, news, real estate, jobs, ecommerce, video streaming, advertising, and probably more. Its portfolio, which includes a chromium-based web browser, is quite impressive given that the Czech market consists of some 11 million people.

[1]: https://seznam.cz


ONLYOFFICE and NextCloud can do a whole bunch of cloud things, both for personal and business use, although I guess you could mention several things that are great in GSuite and not offered at all by these two.


Spinning up a Nextcloud instance for $5 a month will replace almost everything that Google did in your life, as well as giving you a lot more granular control over your data.


There's nothing, not even close and it's obviously a problem.

The reason a lot of this antagonism exists is because the EU is not able to compete in a lot of these areas.

While there's a lot of good impetus in privacy legislation, there should be 10x more effort into gearing themselves to be more competitive.

Edit: Europe's inability to materially face this problem is by far the #1 issue. There definitely is an acceptance, on some level, behind closed doors certainly there is discussion and some action, but much more energy seems to be devoted to punishing foreign, successful companies.

It's a bad position to be in to try to legislate foreign behemoths than to have your own, and be worried about how foreign nations may be regulating your own behemoths.

Edit 2: I've made a similar comment a few times and it's guaranteed to be down-voted (again, that's fine, I don't mind it's not a personal issue I have no problem with votes) - but assuming that this is more than likely Europeans down-voting as a rough measure of disagreement, it's really quite a disturbing sentiment that at least popularly, there's difficulty in accepting the obvious lack of competitiveness in these areas. This is why I say it's the #1 challenge - until there is acceptance, there will be no progress.


> I think the EU would have loved that.

"The EU" entirely depended on Google not doing that. And by that I mean the bureaucracy and other apparatchiks - not the people.

Had Google literally banned Europe the backlash would be large, large, large against 'the EU' from people who live there and were trying to live and do their day to day online activities.

Yeah, it'd be Evil, but sometimes companies should really swing back at heavy handed regulations.


I wouldn't be so sure. Google is an American company, and there could well be an element of nationalism in the response, i.e., a sentiment that "stupid imperialist Americans are trying to force us to change our national laws." Furthermore, a monopoly operator that objects to new regulation isn't the kind of entity that typically elicits a lot of sympathy.


I highly doubt any young person would think that way. Maybe older than 40 would.


I'm not sure if Google would have much support after blocking users and refusing to follow laws that exist to protect users.


It seems you don’t see the value in having one integrated provider for everything. Other people clearly do.

Also if there were GOOD European alternatives to those Google services, people would use them, but there simply aren’t. Low salaries and terrible regulations are to blame.


I'm not sure many people go upload on YouTube because they already had a Gmail, and a small enterprise losing all their documents because they got their home made ads copystriked by drive-by DMCA trolls also doesn't sound like a great integration feature...

Honestly, what, beyond the account infrastructure, is integrated in Google's consumer products?


Do you understand the difference between US vs EU markets? As in: demographics issues, language issues, product targeting issues?

There are no good European alternatives due to a conflation of these issues, not just because of regulations, that's such a naive (or willingly ignorant) take on a complex issue.

How would European tech companies start and compete against FAANG right now? Given that the EU market is quite fragmented between demographics and language? How can a European tech company avoid being acqui-hired or acqui-killed by one of the current massive tech giants?

If you don't develop your arguments of what kind of regulation holds EU tech companies back and posit that against the issues I mentioned then I can't really trust you understand the problem and differences between markets that give benefits to the US economy, as it always had, it's a massive and more homogeneous economy than the EU.

Let's compare US vs China tech as that seems more of an appropriate comparison from the baseline.


I don't think regulations are holding people back.

Low salaries, yes, but that's a failure of leadership, but also a systematic problem of companies' inability to make tons of money.

It's a long laundry list and it can't be boiled down just to a few things, they are so intertwined it's hard to separate the issues.


> Honestly Google should have just boycotted Europe for a week and seen how well everyone handles not having gmail, google, or anything.

So we'd all be using outlook.com, bing and other alternatives now. Would've been a really bad move to just forfeit a market like that.

The cookie banners do actually help a lot, as they bring awareness about privacy issues to the broader public and allow to choose which sites to use based on how hard they make it to opt-out.

Laws like this are important because they make companies design for the benefit of the consumer as opposed to just for their own. And I'm glad the EU is pushing for this with the power they have while no other legal entity of similar size seems to bother.


I'd love for Google to give the EU a solid reason to encourage homegrown (and tax-paying) alternatives to big US tech (much like China has managed to do with Baidu, WeChat and Alibaba). Breaking big tech monopolies is hard, so I can only pray for them to get the ball rolling with a massive mistake like that.


> I'd love for Google to give the EU a solid reason to encourage homegrown (and tax-paying) alternatives to big US tech

Big tech pays its taxes in Europe, via Luxembourg and Ireland in a 100% legal way. If European countries are serious about collecting tax revenues they claim should be theirs, all they have to do is simply write it in the tax code.

If Europe wants to compete, the first thing it has to do is fix its talent retention problem. Build more and pay more.

Easy to whine about these "evil foreign tech giants", harder to tackle the real issues! Will paying coders more get bureaucrats re-elected? Will going after large corporations using the same laws as the tech giants help them get re-elected?


The moment your argument for paying 0.01% taxes is "it's legal", you've fallen pretty low for the quality of your arguments.


But he is right. Why not just fix this at a policy level?

While paying low tax seems morally wrong, the job of a company is to do good for itself, because they all are responsible to their shareholders.

Google left China on moral grounds in 2000s. Did that make other companies follow suit? No. Apple had no problem censoring or using workers in exploitative conditions to eke out more profits. Did Apple's products get boycotted because of it? No. So, even the users don't care.

So why would a company try to uphold some weird moral standard at the cost of profit when its users and shareholders both don't care?


> Why not just fix this at a policy level?

Because the "Big evil foreign tech giants" aren't the only ones to use these clauses in the tax code. But it's fashionable to bash on them. So you keep the votes and your corporate friends.


Yeah, I really doubt European companies themselves are not using these rules to get out of paying more.


Viewing a company as responsible only to its shareholders is a perspective only proposed and adopted in the last 50/60 years (maybe less), and I believe, a flawed one.

Historically, businesses were understood to also have responsibility to their communities and customers. Also their workers, though perhaps that began to shed somewhat less recently.

In my view, any person or entity is morally responsible for their impacts on others.

So, I believe companies should, indeed, have moral standards.

...

That said yes this is a cultural shift so by no means any kind of immediate solution, and there will always be bad actors, so yes totally agree, fix the policy!

But let's not support a business culture where being a bad actor is cool- it makes the already very difficult job of appropriate regulation that much harder.


> But let's not support a business culture where being a bad actor is cool-

Agreed but what can a few individuals even do when the masses don't even care? We can try to use our privacy sensitive platforms and modular phones with open OSs but that will not really change anything. If my past experience is anything to go by, all it will do is, we will get shafted by overpaying for a substandard experience.

I hate to sound defeatist but unless there can be a change in mainstream consciousness about it, it is mostly a lost cause.


Why even have the argument when a simple well written tax code could make the issue not happen in the first place?


They are paying no more than what they are legally required to, just like everyone else.

Would I want to see Google pay more? Yes. Do I expect them to be charitable and suddenly start paying more than the law requires them? No, this is unreasonable. What I expect is for lawmakers to make changes to the tax code, so that those tech giants end up paying more. Until that moment happens, that's fully on those lawmakers, not on Google or anyone else.


First, I hope you become a billionaire!

However, I don't agree with what you're saying. Are the laws perfect? No. But I do think we need something in place to balance things out so that companies are less predatory with our data. All these laws bring awareness to normal people, even if they click "accept all".


Don't let the door hit you on your way out.

Sincerely, EU citizen


> I have always promised myself that if I become a billionaire, I will simply stop providing services to municipalities or countries that create arbitrary laws that make it hard or difficult to do business in.

So you've decided to limit yourself to not doing business on planet Earth, or becoming a Bond villain. Interesting choice.


A giant submarine lair would be rather cool, I suppose.

Turns out the real 'Bond Villains' in our world prefer to get stuff done through legal and boring channels like market manipulation (MSFT), breaking the law and using their lawyers to do so (uber), to pay off politicians through lobbying (what would not fit in this parenthesis).


You better weigh your dreams, because I believe that it's definitely possible that the EU would just say fuck yourself to Google, start using Bing while meanwhile creating a viable search engine, and the US' competitive advantage would be gone.


> I have always promised myself that if I become a billionaire, I will simply stop providing services to municipalities or countries that create arbitrary laws that make it hard or difficult to do business in.

Do you believe that a society should ONLY maximise metrics towards "ease of business"?


I dream about the FAANG leaving the European market. It would be so many nice opportunities to finally develop our technologies locally like China or Russia are doing.


I really wish people like you who _are_ billionaires would stop making threats and just do it already. Taking your ball and going home because you can't play nice doesn't work in grade school, and won't work in adult life; but maybe there would be a lot less background noise from all the rich people shaking their fists and threatening to do things we know damn well they never will.


Because they know the sneaky secret too, that businesses will still function and even be profitable (wow), despite also protecting consumers.

The business would work and billionaires don't become billionaires by turning down business.


Does that make sense if you want to be a Billionaire? Just leave Europe / money on the table and let some competitor take that space?

Some of these laws are ineffective, wonky, and probably annoying, but they're existential threats to doing business.


Those companies are operating globally, not locally. There's great benefits to this (more customers), but you also need to deal with the local laws of all the countries you want to do business in if you want to make money there.


Side note: Can we just not heavily blur posts that are (maybe) downvoted heavily? I can't even read the post that I quoted atm.


> the law was legally unclear

That's a feature! Gives more power to the bureaucrats (fully paid by the taxpayer and with large retirements) to enforce legislation as they please!

More fines for these large companies means an ever increasing number of bureaucrats to investigate arbitrary violations!

If you can't innovate, time to regulate!


Complaining about regulations on an article protecting children <13 years and giving an example about tobacco (and trying to dodge them probably) seems a good reason to me for having such regulations...

What comes to mind in your example is that tobacco may not advertise/give discounts. Bundling them with something else should have the same result. Not being able to bundle them has the same end-result.

If you want to sell in a certain market, you need to consider local rules that could differ from your own.

Eg. US meat is not allowed in Europe because of the excessive use of hormones in most of their meat.



