Comment by ttiurani
2 days ago
How would that prevent sites from selling their users' data to third parties without consent server-side? GDPR is not about third party cookies, but about requiring informed consent.
2 days ago
How would that prevent sites from selling their users' data to third parties without consent server-side? GDPR is not about third party cookies, but about requiring informed consent.
Though I agree with your point, the idea that cookie banners in any sense contribute to "informed consent" is very debatable.
It’s because those were made to be bad solution by very advertising companies wanting people to be denied their rights and making it look like law is bad instead of implementation being bad
The 'selling of data' is separate of course, but the banners do nothing to actually ensure that they aren't collecting data you don't know about. They're honor system, which is dumb when you could have browsers not send that data back without opt-in.
In other words, of course Facebook knows you like bacon if you've followed 5 bacon fan pages and joined a bacon lovers group, and they could sell that fact.
But without cookies being saved long-term, Facebook wouldn't know that you are shopping for a sweater unless you did that shopping on Facebook. Today they undoubtedly do know if you are shopping for anything because cookies exist and because browsers are configured to always save cookies across sessions.
Also, I always point this out when this topic comes up: Of all websites I visit and have to click stupid banners on, almost none of them are in the market of "selling data" or building dossiers about individuals ("Steve Smith bought flowers on June 19th. Steve is 28 years old. He has a Ford Explorer. He lives in Boston."). They just want to get metrics on which of their ads worked, and maybe to know aggregate demographics about their audience. My local water utility, Atlassian, and Nintendo to pick 3 sites at random, have never been and are not in the business of data brokerage. But they do need to show cookie banners to not be sued for imaginary harms under CCPA or GDPR (unless they want to not make any use of online advertising or even aggregate analytics).
> They're honor system, which is dumb when you could have browsers not send that data back without opt-in.
Given that there is no objective way to differentiate between functional and tracking cookies, your "technical" solution would also boil down to honoring marking certain cookies as such by the website owner, effectively being the same as what we have today.
(Though I do agree that the UX would be nicer this way)
Well, I mean, we could go the route Safari has, and just blanket-disable 3rd party cookies by default. It's... quite effective (if a tad annoying for folks implementing single-sign-on)
2 replies →
We don't need the functional/tracking cookie split - the law already thought of this.
If you're using functional cookies, you don't have to ask. If you're still asking, you're just wasting your time.
The reason every website asks is because:
1. They're stupid and don't even bother to preliminarily research the laws they comply with.
2. They actually are tracking you.
Ultimately if you're using something like Google Analytics, then yeah you probably do need a banner. Even if it's just a blog.
Great, so then don't do that.
1 reply →