And the bad (and actually non-compliant) implementations are getting cracked down on, but that just takes time. But the article mentions an example:
> the French CNIL introduced guidelines and required Google to introduce a "reject" button, which was also seen as a sign to many companies to adjust their banners and lead to major measuarable improvements in France.
The problem with DNT is that no one wants tracking, and trackers still want to track. So browsers and users have every reason to always have it set. And trackers have no incentive to acknowledge that and shut their business down.
>And it was implemented in the browser as Do Not Track but websites ignored it
Implemented in the browser AND mandated by law to be respected - in other words, similar enforcement as the current cookie notice, but with a uniform interface and central control.
No he isn't. The law is precisely what allows the intentionally bad implementations. Anyone could have foreseen this. Hell we already knew this would happen based on the earlier cookie laws.
The EU should have mandated an interaction-free solution like Do Not Track. They could have.
There is an interaction-free solution; it's called 'do not track' (as in, not tracking users). The EU don't mandate it, since that would probably be considered over-reach: if Web sites want to break their UI and annoy their users, they're free to do so.
Consent for personal data is implied when performing services for a user (e.g. logging in, shopping carts, remembering high-scores, etc.).
Interactions are only needed when consent is not implied; i.e. when the personal data is not performing a service for a user; i.e. when the user is the product, not the customer.
>There is an interaction-free solution; it's called 'do not track' (as in, not tracking users). The EU don't mandate it
If it's not mandated it's not a solution, it's more like a pacifist asking for peace in the middle of WWII
>The EU don't mandate it, since that would probably be considered over-reach
I don't think that's the reason, as it wouldn't be any more overeach than mandating the current cookie notice (or, in another domain, USB-C for mobile phones).
That's not mandated. You need to notify the users about third parties getting their data and allow them to opt-out. The cookie notice is just a common, terrible implementation of that requirement.
> or, in another domain, USB-C for mobile phones
They didn't do that either. They forced the relevant companies to agree to a standard until next review and the agreement was USB-C. No specific solution was mandated.
> I don't think that's the reason, as it wouldn't be any more overeach than mandating the current cookie notice
As viraptor says, cookie banners are not mandated; they're a crappy UX invented by ad companies.
In any case, regardless of one's personal opinions on user tracking, I don't understand how 'cookie notices' are at all equivalent to a flat-out ban on all tracking by anyone ever.
1. GDPR isn't just about cookies. It's about your data in general. So it covers even offline interactions.
2. Governments shouldn't mandate solutions. Instead, EU stipulated a requirement. And industry as a whole decided that they will break the law for as long as possible until the governments chase after them. In the process the industry has convinced gullible developers that it is the law that it is bad, and not the greedy leeches who flaunt it.
There is a YouTube channel called Technology Connections which has a video about American car headlights: https://www.youtube.com/watch?v=c2J91UG6Fn8 which I think illustrated a good example of the difference between mandating a solution, and mandating requirements.
Considering car headlights. Obviously there are some requirements we should make - they need to be bright enough to safely light-up the road. They should not blind oncoming drivers. They need to be reasonably safe in the event of a collision.
Between the sixties and 1984, the government of the USA mandated a solution. Basically one model of headlights was permitted (with a few minor variations introduced over time). If you look at all car models from this time they have a similar appearance, and the same headlights are still in use in some commercial vehicles today.
In most European nations (and other parts of the world) instead a requirement, or series of requirements were made. If you met these standards for lighting level, glare, etc. your headlight was permitted.
This led to European and Japanese cars have very varied headlight models, while most American cars were forced to stick to the same old style. This meant that American drivers missed out on innovations in this space.
Mandates can very easily become out-dates. Whereas well written requirements are much more timeless.
They do all the time. USB-C is probably the most recent example but there are a gazillion standards that are mandated by governments. Electrical sockets, traffic signalling, seat belt design, etc.
It's not some weird outlier for them to say "you have to do it like this".
And it was implemented in the browser as Do Not Track but websites ignored it
https://en.m.wikipedia.org/wiki/Do_Not_Track