The amount of time the EU has taken away from internet users with this insane policy is ridiculous. Yes, everyone in the fucking EU knows what a cookie is now. I can't believe I have to waste 3-5 seconds of my life on most website visits clicking a box.
But obviously sitting in an office in Brussels making an actual calculations of the years you take away from people is not something you do.
So how do you store user information then? Like logins? Sessions? Also rely on cookies. Browser fingerprinting? Great - then you've switched one problem for another.
This entire EU regulation is a non solution to a not really existing problem. Yes, third party advertisers use cookies to track you. But they can build technologies to use something else. In the meantime you are a) breaking the internet b) wasting hours of each EU citizens time every year.
Those are all allowed without explicit consent - it's right in the regulation. What isn't allowed without consent is all of the tracking and data-sharing nonsense that isn't actually required for the website to function.
Theoretically. Practically almost all websites need third party cookies to use any decent analytics platform (most often GA). So the end result is still that 100% of websites need cookie consent.
Matomo is great and it's nice that it's open source. One advantage of userTrack, which is also self-hosted, is that you get heatmaps and session recordings at no extra cost, which on Matomo cost from 200eur/year.
No website needs GA. You choose to have it for whatever reason but there's not ever a need to use GA. There are many less intrusive ways to father statistics than to sell your users to Google.
There is definitely a need for online analytics. Analytics are as important to me as crash reports.
* It helps me focus on the content my users need the most, and see what triggers donations.
* It helps me catch and diagnose traffic dips, and react to them.
* It helps me catch and diagnose unexpected issues. For instance, caching changes broke a component that accounts for 30% of my revenue. It would have stayed broken for a whole month if I didn't see the dip in events.
I will replace Google Analytics soon, but even as a tech-savvy person, it's a dreadful task. Google Analytics is free, simple, and incredibly reliable. Setting up your own self-hosted alternative, or paying a monthly fee for an alternative is a lot less desirable.
Yes I absolutely agree it can be useful.anf satisfying to see analytics. But it also means you send your users' data to another place where you know it will be recycled etc.
There are alternatives but as you say sadly none are as easy - probably because none have as much budget behind them. I see a number of comparison articles for gdpr compliant analytics, so it seems to have become its own market of sorts.
I have opted myself out of most Google services due to the intrusive nature, I wouldn't want to impose it on my site visitors (but I also have no need to monetize, so maybe a different ballpark).
If you want people to do the right thing, it has to be easy, or it has to pay off. GDPR is incredibly hard, and it's costly.
Just knowing what I need to do requires me to wear my lawyer hat. Actually doing it requires me to wear my developer hat, or to pay other people a monthly fee.
I will eventually move to another solution, but it has an infinitely lower impact on my users than the problems I help them solve.
I will switch this because I swore to do the right thing [1], and because I have a lot of time on my hands. I can't reasonably expect amateur bloggers to do the same. It's an unreasonable burden on people who don't run a website for a living.
Well, maybe legislation like GDPR will incentivize Google to build a less intrusive analytics suite. Or force the industry to innovate to create a new form of analytics.
Selling user behavior data to google in exchange for free analytic is exactly one of those markets which GDPR want to turn from being invisible for the persons whose behavior data get sold to visible.
If a hospital would in secret sell my medical records to drug companies in order to get free medical supplies I would object on several grounds. First because they are doing it without telling me. Second because its not their data to sell. Third because it create an unfair market where drug companies who are more ethical get out competed.
This is exactly the spirit of the GDPR. You know your data won't turn up in some completely unrelated place because of a previous business transaction.
Those are functional cookies, which can be placed without asking for consent. A site that just removes tracking and advertising does not need a cookie consent warning.
They do not ask "can I place cookies"; they ask "Can my third-party trackers and advertisers place markers on your system so that your activity can be tracked across this and other websites".
Don't stare yourself blind on the poorly chosen wording. It's not the "cookie law" either, it's the General Data Protection Regulation. It's not about cookies, it's about regaining control over your personal data, your online behaviour, etc.
You're really misunderstanding the GDPR. Cookies are not mentioned anywhere in the law and it's actually really simple to understand:
1. You can do whatever you need to do to provide the service you're providing. (login cookies, sessions, store their email address, whatever).
2. If you want to process, store, and sell any other user data, you need to ask them first.
So for example if you want to send 100 advertising companies personal data about your users, you need to ask for consent and allow them to decline without restricting their access to you service.
What technology you use to track users is irrelevant, it can be fingerprinting or cookies or anything else.
The only reason why you think the law is bad is because companies are frantically trying to work around it, trying to interpret it in unintended ways to not impact their data tracking ways, and trying to make users hate the law instead of them.
Well, this is a little more complicated, because the cookie issue stems not from the GDPR but from ePrivacy.
This directive explicitely targets reading/writing into the user terminal without autorisation, hence the application to cookies.
Edit: removed a post, that was not explicative enough.
But the articulation is: ePrivacy says you need to consent to write non-essential trackers. GDPR defines how you can obtain the consent. So both laws take part in this ruling.
you blame the law trying to protect you rather than the sites trying to take advantage of you? interesting perspective.
I 100% blame the people running the sites and whenever possible just close pages that come up with all this crap - if you are not doing anything dodgey there is basically nothing to get consent for.
Or, maybe they're balancing it with the amount of money/time you spend buying stuff you didn't really need/shopping. It's probably not illegal to have someone follow you to see where you shop, eat, work and sleep, but if a company could deploy one person to follow you 24/7 and report back for basically for free without telling you, there's a line crossed.
Also, besides browsing news/Reddit/shopping, where do you see the GDPR prompt? Banks, AWS, GCP, don't use tracking cookies, so how many "years" of productive work are really being taken away? Sure, its a barrier to shopping which also boosts the economy, but why does Nissan they need to know I just bought a power inverter or visited Tesla if they deliver a solid car on their own merits?
