Your examples are terrible, which probably proves the point that EU users are getting more than they are losing. Btw Europe != EU.
> Banning encrypted messaging (almost passed)
It's a positive thing that it was brought up and struck down. EU is the actually the one you should be thanking because most European countries would ban it.
> Cookie pop ups
Malicious compliance by websites, but at least users have a choice of opting out of tracking. Again, a positive thing.
> Various regulations harming open source (discussed before on HN)
The most recent changes are so watered down that it basically only applies to commercial open source companies that are turning a profit. It's helping users more than it's harming the open source community.
If the legislation had been written correctly then the current nightmare wouldn’t exist.
Should have been a browser level setting the sites are forced to comply with. The pop-up per site with free rein how obtuse it can work was always gonna suck. Pure incompetence from the politicians involved.
It works fine now, many sites i visit have a "Deny All" button which was how it was supposed to work. Initially, (inevitably) private corporations found a way to subvert the spirit of the law to their benefit.
Getting the legalise of legislation right first time is almost impossible when there is an army of lawyers, paid by corporations, whose job it is to unpick it.
> It works fine now […] many sites i visit have a "Deny All" button
That’s not fine. It’s anti-thetical to the very idea of the web. Accepting this shit as a compromise is exactly what we did with adblockers and that battle is still ongoing, and not solved. Whenever the greasy finger of corporations end up inside our browsers, whether it’s fingerprinting or meaningless consent screens, or tracking cookies/pixels/scripts, things are not dandy, imo. I don’t have a solution. Just saying.
> "... anti-thetical to to the very idea of the web"
I'm genuinely curious and not trying to pick a fight here. The core idea behind html when it was first conceived was that it allowed you as the viewer to present that info in any way that you chose. You can change the font, etc to suit your own preferences.
This idea got killed by content providers who mostly want to hardwire their content layout because they know better. So where is this "idea of the web" coming from. Surely there's no longer a central core idea, it's just what each of us make of it, and as a result we're often in conflict about how things go.
Did choice get formally taken away? Does the content provider get to choose how it's done now?
> So where is this "idea of the web" coming from. Surely there's no longer a central core idea
Like with “democracy”, it is not possible to create a comprehensive formal definition that embodies the full spirit of the idea. Without getting too philosophical, the web is client-server based where the provider controls the server, and the user controls the client. There are fierce battles being fought on both fronts:
- Providers are being lured by ad tech giving you a free (as in beer) space in exchange for relinquishing any control of the server. An example would be YouTube where you get free hosting if you comply with opaque community guidelines and strike systems. Limiting linking to other “platforms” aka websites is another example. A more subtle example would be cloud infrastructure where switching provider is designed to be prohibitive.
- Users are under attack based on their IP geo, VPN usage, extensions (ad-blockers primarily), fingerprinting, UA sniffing, JS obfuscation, video DRM etc. The most egregious example is to force users to download an app (a client that the provider controls fully). Captchas is a more subtle example.
Note that there are real hard problems with a healthy web, notably DOS protection, which needs some level of client fingerprinting (like IP rate limiting).
However, large businesses – many of whose success is built entirely on top of the web – are actively eroding it for banal selfish reasons. Much like how democracy can be leveraged by those who don’t believe in it in order to gain traction, only to later be dismantled to maintain power and control.
> If the legislation had been written correctly then the current nightmare wouldn’t exist.
Legislation is not a technical spec. It's made purposely to be interpreted. And companies are made to optimize their profit given the constraints set by the law. Sometimes companies have to bet that if they do X, they won't get a fine, and decide if they want to take that risk.
Companies can even bet that the fine will be smaller than the profit, which is often the case. And that, IMHO, is the problem: we (I mean our governments) should be much, much more aggressive with the fines. BigTech can basically do anything they want because the fines are always ridiculous (because BigTech are too big, sure).
> If the legislation had been written correctly then the current nightmare wouldn’t exist.
It was written correctly. Because it's a General Data Protection Regulation. It applies in equal
measure to websites, apps, paper records, SaaS, shops, government entities etc.
And it says: "do not get more data than is required for your business. If you want more data, the user must give consent, where opting out is the default, and must be as easy as opting in".
Now, what exactly is badly written in the law? You can start with quoting exactly where it requires existing cookie popups.
This is always brought up when EU cookie regulations are discussed. If only the EU consulted HN readers...
It's true, though. The technical language could've been written in a way that makes it more difficult for websites to circumvent, and less annoying for users. Or the regulation could've been amended to clarify and improve the technical aspects.
That said, getting to a regulation at all was probably a bigger nightmare, with Big Tech lobbying against it every step of the way. So I'm glad that we even have the current GDPR, and that the EU is still leading the way in privacy regulations globally.
You seem to be inverting cause and consequence: it's the websites who are annoying to the users, not the law. The banner is optional, it only exists because websites want to collect your private data, not even to make the thing work.
> Or the regulation could've been amended to clarify and improve the technical aspects.
The regulation has been clarified to mean something important: refusal must be as easy, visible and doable as acceptance, so people can click "refuse" everywhere. Lack of acceptance mean refusal, so people can close the banner.
> You seem to be inverting cause and consequence: it's the websites who are annoying to the users, not the law.
No, I mean that the law could've been written in a way that makes giving consent less cumbersome for users. I agree with GP: if it had been a browser setting that websites _must_ comply with, like the abused and now dead DoNotTrack header, then we wouldn't have ended up with annoying consent forms to begin with. After all, it does make sense for this to be a global user preference, rather than something the user needs to consent to on each site. Even without getting into technical details, this should be evident to anyone.
I'm not aware of why this didn't happen, or why the DNT header was killed, but it wouldn't surprise me if the (ad)tech industry strongly lobbied against it, and won. The internet loves to criticize this oversight as incompetence from politicians, but politicians couldn't have elaborated the technical aspects of the law without IT consultants, and these surely understood what could be the implications. The fact they went with the consent form approach, and the fact this hasn't been rectified years later, is probably a sign that the tech industry still has considerable sway in regulatory matters.
But to blame this situation on the law itself, or the EU, is just delusional. I'm still happy it exists, warts and all.
But nothing prevents browsers from doing so ! In fact you can even configure your browser to never show those popups, and everything is fine. Everytime I switch people over to Firefox I install ublock origin and the list that blocks cookie popups: https://jasonmurray.org/posts/2020/cookies/ (there are even more settings to block even more popups today)
Actually Google is seeing the wind turn and is slowly moving away from cookies, so it did even better than what you wanted: it will effectively kill (unnecessary) cookies as a whole.
I have no issue believing lawmakers did in fact take advices from IT experts, seeing how they could make the difference between useful and unuseful cookies. But the law never goes into implementation details, that's another level of regulation, and the real effect is coming: the major browser will block third-party cookies. That will change everything.
The cookie regulation was designed to train people to "Agree" without reading.
It was a prerequisite step for GDPR that was designed to legalise data collection and trading.
Before GDPR it was a gray area, now companies can easily get consent as users mindlessly click "Agree" to data processing and selling and they have a legal basis to do so.
These are corrupt laws, but most people blindly believe EU is good and totally not in bed with big corporations.
You have clearly not seen the amount of people who click "deny all" or "only statistics". Before the GDPR _everyone_ had to accept _everything_ a website sent their way and didn't have a say in it, after the GDPR only 33% of people click "accept all" on the cookie banner for the fairly large e-commerce site I work at.
If the goal of the GDPR was to train people to click "Agree" and to legalise data collection, then that law was an abject failure.
> The cookie regulation was designed to train people to "Agree" without reading.
That's a cynical take. In reality, companies took advantage of the loose technical language to do the least possible work to comply with the law, while doing their best to implement dark patterns to confuse the user into clicking "Agree". This is something that can be improved with stricter regulation, but it will always be a cat and mouse game.
> It was a prerequisite step for GDPR that was designed to legalise data collection and trading.
Another cynical, and also false, take. The GDPR wasn't "designed" for that. In fact, it actively tries to prevent it. An EU citizen can contact any company in the EU and demand to access all their personal data, or for it to be deleted. This is an unequivocal win for people to regain control over their personal information.
Is this the best that governments can do? Certainly not. I'm still glad that at least something exists, and the tech industry is not entirely unregulated, as in most other parts of the world.
> These are corrupt laws
No. These laws are a step in the right direction. Unfortunately, the strong influence and rapid pace of development of the tech industry means that governments will always play catch up, even when they want to pass laws that protect their citizens.
> most people blindly believe EU is good and totally not in bed with big corporations.
Citation needed. Name me a government that is not in bed with Big <industry>. Big Tech in particular is in strong symbiosis with governments, as they both share some common goals. So, sure, there's that. And yet despite of it, the EU still passes laws that fight Big Tech's reach, and fines companies when they don't comply. Can it do better? Sure. But name me a government on Earth that does a better job at this than the EU.
We don't need to get political here. But it's foolish to spew cynical takes when some governments are at least trying to fight Big Tech, and even more foolish to imply that their attempts are making things worse for its citizens.
> It's a positive thing that it was brought up and struck down.
You see, the thing about european legislation is that certain stuff, especially stuff people oppose, is proposed over and over again until it passes. It costs almost nothing to re-propose things like killing net neutrality or banning end-to-end encryption, but it's very costly to oppose them. Which the politicians and lobbyists know and use to their advantage.
I don't think the EU has ever had net-neutrality as you'd call it in the US. The infrastructure and internet service are separated in most places which has similar outcomes. (and mobile data is wicked cheap for other reasons)
Most notably, this means a bunch of stuff gets "zero-rated" (e.g. free unlimited facebook/whatsapp with any phone plan, but other data is limited), which was explicitly called out as anti-competitive when the fight was going on about net neutrality in the states.
Perhaps GP meant that the end result is a net good, since now it's in the books that it was positively, explicitly struck down? (Rather than being ambiguous or assumed, with no records etc.)
Anyway, reading sibling comments it seems like it's not that simple either way.
> Banning encrypted messaging (almost passed)
It's a positive thing that it was brought up and struck down. EU is the actually the one you should be thanking because most European countries would ban it.
> Cookie pop ups
Malicious compliance by websites, but at least users have a choice of opting out of tracking. Again, a positive thing.
> Various regulations harming open source (discussed before on HN)
The most recent changes are so watered down that it basically only applies to commercial open source companies that are turning a profit. It's helping users more than it's harming the open source community.