Comment by diggan

1 month ago

> This mindset is how we got those awful cookie banners.

The only thing I've found awful is the mindset of the people implementing the banners.

That you feel frustration over every company having a cookie banner is exactly the goal. The companies could decide that it isn't worth frustrating the user over something trivial like website analytics, as they could get that without having to show a cookie banner at all.

But no, they want all the data, even though they most likely don't use all of it, and therefore are forced to show the cookie banner.

Then you as a user see that banner, and instead of thinking "What a shitty company that doesn't even do the minimal work to not have to show me the cookie banner", you end up thinking "What a bad law forcing the company to inform me about what they do with my data". Sounds so backwards, but you're not the first with this sentiment, so the PR departments of the companies seem like they've succeeded in re-pointing the blame...

Seconded: and we need to have worthy competitors spring up without those bad practices and lousy cookie banners, and people to flock to them.

Once that happens, the "originals" will feel the pressure.

  • Not using those “bad practices” of third party analytics can be an existential threat to small businesses, unfortunately.

    • Not really. You can still get metrics and analytics, you just don't include PII in it. There are tons of privacy-respecting platforms/services (both self-hosted and not) you can use, instead of just slapping Google Analytics on the website and having to show the banner.

      But even so, I'd argue that since it's a small business, you'd do much better with qualitative data rather than quantitative; since it's a small business, it's hard to make choices based on a small amount of data. Instead, conduct user experience studies with real people, and you'll get a ton of valuable data.

      All without cookie banners :)

The non-use of collected data is the most ridiculous part of all this. I work with many companies that collect tons of data and only use a small percentage of it. All they're doing is building a bigger haystack.

This is partially due to the fact that Google Analytics is free and the default for most website/app builders. But, still, it's ridiculous.

In my experience, most people that have semi or full decision-making control over this kind of thing have absolutely no idea if they even need cookie consent banners. They just fall for the marketing speak of every single SAAS product that sells cookie-consent/GDPR stuff and err on the side of caution. No one wants to be the guy that says: "hey, we're only logging X, Y and not Z. And GDPR says we need consent only if we log Z, so therefore we don't need cookie consent." For starters, they need a lawyer to tell them it's "A OK" to do it this way, and secondly it's plain old cheaper and a lot less political capital to just go with the herd on this. The cost of the banner is off-loaded outside of the company and, for the time being, the users don't seem to mind or care.

This is why half the web has cookie-consent banners. No amount of developers who know the details screaming up the ladder will fix this. The emergent behavior put in place by the legal profession and corporate politics favors the SAAS companies that sell GDPR cookie banner products and libraries. Even if they're in the right, there is a greater-than-zero percent chance that if they do the wrong thing they'll go to court or be forced to defend themselves. And even then if it's successful, the lawyers still need to be paid, and the company will look at "that fucking moron Joe from the website department" which caused all their hassles and countless hours of productivity as a result of being a "smart ass".

  • > have absolutely no idea if they even need cookie consent banners

    > This is why half the web has cookie-consent banners

    Agree, but we as developers can have an impact in this, especially in smaller companies. I've managed to "bark up the ladder" sufficiently to prevent people from mindlessly adding those popups before, and I'm sure others have too.

    But those companies have all been companies where user experience is pretty high up on the priority ladder, so it's been easy cases to make.

People think in terms of what is inconveniencing them directly. Great examples are when consumers yell at low level workers when a company has horrible policies that run back to cost cutting...

or union workers strike against Imaginary Mail Service Corp. because they are being killed on the job, and people (consumers) get angry at the workers because their package won't show up on time (or the railways aren't running, etc...) instead of getting mad at the company inflicting that damage on other people...

or when [imaginary country] puts sanctions on [other poorer country] the people of that country blame the government in power instead of the people directly inflicting harm on them.

I'm not sure why this is the case, but we have been conditioned to be resistant to the inconvenience and not the direct cause. Maybe it's because the direct cause tends to be a faceless, nameless entity that directly benefits from not being the target of ire.

[flagged]

  • Do you feel like your comment is responding to mine in good faith and using the strongest plausible interpretation? Because it sure feels like you intentionally "misunderstood" it.

    Obviously the intention is not "to not improve user privacy at all" but to give companies and users the agency to make their own choices. Many companies seem to choose "user inconvenience" over "user privacy", and it now makes it clear what companies made that choice. This is the intention of the directive.

    • I didn't intend to criticize your description of the situation. My intent was to criticize the people who (allegedly) had that goal, because it has become clear that the result of the policy was not to cause user frustration and have that lead to companies improving their privacy practices. Instead, the result of the policy was simply to increase user frustration without improving privacy practices.

  • Those are the same goals, at least in a capitalistic free market. The theory is that consumers will go towards products which are better (meaning, less obnoxious), and therefore the obnoxious websites will either die off or give up the banners to conform to the market.

    Naturally, as you can see, free markets are purely theoretical. In practice, up and leaving a website you're using is almost never easy, and isn't even a choice you can make often.

It’s odd that you think the people implementing the banners want them so they can get more data. They want them because they provide a shield from litigation. I don’t know about you, but in the past year, most of my ads on Facebook are from law firms with headlines like “have you browsed (insert random minor e-commerce site) in the past two years? Your data may have been shared. You may be entitled to compensation.” If I’m a random mom and pop e-commerce site and I do not add a cookie banner, and I use any form of advertising at all, then I am opening myself up to a very expensive lawsuit - and attorneys are actively recruiting randos to serve as plaintiffs despite them never being harmed by “data collection.”

It’s that simple. That’s the situation with CCPA. Not sure the exact form that GDPR penalties take because I’m not European. But it’s not a complicated issue. You have to display some stupid consent thing if you’re going to have the code that you’re required to have in order to buy ads which take people to your website.

Note that plenty of these cookie banner products don’t actually work right, because they’re quite tricky to configure correctly, as they’re attempting to solve a problem within the webpage sandbox that should be solved in the browser settings (and could easily be solved there even today by setting it to discard cookies at close of browser). However, the legal assistants or interns at the law firm pick their victims based on who isn’t showing an obvious consent screen. When they see one, it’s likely that they will move on to the next victim because it’s much easier to prove violation of the law if they didn’t even bother to put up a cookie banner. A cookie banner that doesn’t work correctly is pretty easy to claim as a mistake.

  • > If I’m a random mom and pop e-commerce site and I do not add a cookie banner, and I use any form of advertising at all, then I am opening myself up to a very expensive lawsuit

    Nope, that's not how it works. But your whole comment is a great showcase about how these myths continue to persist, even though the whole internet is out there filled with knowledge you could slurp up at a moment's notice.

    • Your comment would be better if you cited any evidence. Otherwise, I could also point you to a whole internet which is, as I said, full of law firm ads fishing for plaintiffs who have only been 'harmed' in the most strained definition of the word.