> To make this very clear: user/visitor consent is only needed for data going to 3rd parties. All cookie laws, including GDPR and CCPA, allow essential first-party cookies to be exempt from collecting user consent before performing their actions. So your session tracking cookie on your site DOES NOT need a consent popup AT ALL.
Most consent dialogs can be avoided, were it not that the surveillance capitalist services need your data, and shove these dialogs full of deceptive design in your face. In hopes to have as many people as possible complain about the regulations, and use that pressure to lobby them away again.
My bank doesn't use 3rd party cookies, but they have a modal wall you have to click through anyway that explains that they DO NOT use cookies.
This is insanity. Their explanation is that users are so accustomed to these cookie walls that a site without one would feel suspicious and unsafe.
I very much blame the EU on this, because the EU policy has solved NOTHING, tracking still happens just as before, except now users just have to go through more friction. Of course I am also pissed at the websites and entities that sell my data, but that is irrelevant to my gripe with the EU.
Superficially, the banners appeared due to how the law was made and how it's implemented. The noble intention is one thing and the pragmatic reality is another.
It's correct to blame the businesses for creating the banners but also unfair to treat the matter as if the businesses and the EU are on a level playing field. The EU makes laws - it has cheat codes to achieve what it wants.
It's like defensive driving. You may not be at fault if someone crashes into you but you may have had the power to prevent it.
> 7 years of complaining about it hasn't changed that.
Funnily how "7 years of complaining" was, and continues to be, only about the EU. Not about the predatory businesses creating these banners (often in direct violation of GDPR).
> Or enforce the existing ones.
That's definitely the biggest criticism you can level at EU: they are too slow in enforcing this.
I blame the businesses for destroying the social fabric of the internet, and I simultaneously blame the EU for implementing pointless regulations that do not solve the first problem while making life miserable for its subjects.
Businesses: destroy the social fabric of the internet
Regulation, literally: do not collect people's data without their consent if you don't require that data for services you provide. Applies in equal measure to websites, banks, grocery stores, shit processing plants and nuclear power stations.
...
4ad: I still blame the EU, and it's a pointless regulation.
You seem to think that the EU should be imune from criticism because it tries to do the right thing.
No, when politicians make things worse and absolutely don't solve any problem they promised they will solve then they should be held accountable, removed from positions of power, and replaced with competent people who write better regulation.
Edit to your edit: indeed, the EU is mostly about making people miserable while convincing them it's actually better for them.
Is he right though? I work with affiliate people a lot, and they hate cookie-consent popups. Even when you do all your analytics inhouse with self-hosted matomo, if you want to use a cookie, you need consent is what the lawyers say unanimously. And these aren't "we want you to ask for consent because we secretly want more privacy" lawyers, these are "I get paid to find a way for you to do your tracking in the easiest way possible and I don't care about privacy" lawyers.
> Even when you do all your analytics inhouse with self-hosted matomo, if you want to use a cookie, you need consent is what the lawyers say unanimously
If you use a cookie for Matomo tracking than yes, you need consent. You are using a cookie for a non essential service (analytics), so you need to ask consent.
But that primarily says that Github doesn't care about cookies (or consent), not that you (not being a multinational corporations with an army of lawyers and millions in lobbying spending) can do the same.
I'm pretty sure those cookies are non-compliant if you look at them closely, because none of them are necessary for the operation of the service. a) a default value doesn't need to be stored in a cookie -- and it has to be a default value, because you haven't selected a color scheme or a timezone b) login-state does not require a cookie: either you're logged in and have a session, or you aren't, and you don't, c) there's no reason for a session on the public facing side that doesn't contain any private/individualized data, unless you want to use these session cookies to track users -- and it's only about users as bots will typically ignore cookies.
My money is on "Microsoft knows that cookie consent is optional if you're not a small European company".
So why do even the official website of the European commission and the European parliament have a cookie consent button? One would assume that they are not "capitalist services".
Unfortunately big tech surveillance capitalists (which is different than "capitalist services", mind you) are court suppliers of IT services that EU institutions depend upon.
Edit: And as the sibling said, in many cases it may be restricted to analytics and simple 'reject' suffices, which is at least better than some of the intricate dialog designs.
I mean, you could literally read what their banner says. E.g. Eu Paarliament
"We use analytics cookies to offer you a better browsing experience. You have the choice to refuse or accept them. Reject. Accept".
Those analytic cookies are not required for the functioning of the website, and those web sites are required to ask for your consent to gather any additional data.
> To make this very clear: user/visitor consent is only needed for data going to 3rd parties. All cookie laws, including GDPR and CCPA, allow essential first-party cookies to be exempt from collecting user consent before performing their actions. So your session tracking cookie on your site DOES NOT need a consent popup AT ALL.
Most consent dialogs can be avoided, were it not that the surveillance capitalist services need your data, and shove these dialogs full of deceptive design in your face. In hopes to have as many people as possible complain about the regulations, and use that pressure to lobby them away again.