I feel like the DNT header could have been made a lot better if it worked alongside GDPR. Like, 0 = haven't chosen/prompt me (I want to pick exactly what cookies I want), 1 = don't care give me everything, 2 = functional, 3 = please don't track me at all. You could then just surface this per-site even in the browser, maybe in a way resembling the IE Security Zone settings with their nice sliders.
I'd love if this became a EU-wide law. If you send the DNT header, then you can't get cookie consent alerts since you already do not consent being tracked.
I want to be able to opt out of tracking. GDPR has improved my life.
Websites that want to make it easy for me give me a “reject all cookies” button. It is not the fault of GDPR that most websites want to trick you into just clicking “accept all.”
It would be a start if users could select in the browser if they want to receive personalized content/advertising, be tracked or whatever. All those new GDPR induced layers definitely make the web a whole step worse (and I don't blame the GDPR for that).
Every time I see a website having 'essential' and 'functional' cookies I start freaking out because, in my opinion, those websites are just lying. In most cases, their 'functional' cookies are either marketing or tracking cookies, but never relevant for the core functionality of their website.
And there are still too many websites out there which either try to make you click the 'Accept all' button or simply don't understand that the law requires an opt-in and not opt-out.
Pushing the UI for the cookie-use-case selection into the browser would at least end this UI layer hell. But I am sure, some browser vendor will mess up the party and go some extra way, similar to what we had with the DNT header... Maybe we just need another law like 'Do Not Track means Do Not Track!'.
I am not a lawyer or a GDPR expert, but I think that probably wouldn't satisfy the intent of the GDPR any more than current browser capabilities to accept or reject third-party cookies would.
Well, that would require some kind of interoperability between the client and the website (like an HTTP header that sends cookie events).
I absolutely would prefer that to the world we have now. I'm all on board, you don't have to convince me it's a good idea.
But, that doesn't exist today. I do prefer having the stupid annoying popup that gives me the option to allow only required cookies to having no choice at all.
The new GDPR compliant cookie popups give me that option. It's a step up above not having the option at all.
The problem is that the GDPR consent prompts ask for tracking/data processing consent regardless of any technical methods like cookies, local storage or browser fingerprinting.
A browser implementing a cookie consent UI would not fully solve the problem because websites might still want to track you through other means (browser fingerprinting, server-side analytics, etc) and if they want to respect the regulation then they still need to ask for consent.
Yeah, I guess it's not that I don't want to accept cookies, it's that I don't want to reject them either (I'd rather close the tab than do either one.)
This sounds like GDPR is a bad thing for people like me, but I view it as a long game: as sites see increased bounce rates due to cookie popups, maybe it'll change the equation in favor of not having tracking cookies in the first place. I feel like I'm doing my part to help create that future every time I close the tab when getting nagged about cookies.
(And GDPR doesn't require dialogs about all cookies, you're allowed to use cookies to have sessions/logons without nagging.)
That's the problem with the GDPR. Excellent idea, but badly executed. Something like the DNT-Header should have been in the law, saying that the user only wants the really necessary cookies.
With GDPR, the question isn’t so much about cookies but more about getting your informed consent to track you.
It’s not something a browser can do automatically because then websites owners will not listen.
Some time ago, Microsoft did set on the do not track setting by default on one version of internet explorer and it basically killed the do not track project.
This does not work with GDPR compliant sites (the few that exist). I wonder if it would make sense to use something similar to [0] to auto-accept, note in the results that there is a consent gate and then list the trackers in the accepted state?
Just build websites that comply to GDPR per default and leave that crap away. Many people don't even seem to know this is possible. They believe Cookie consent is something everybody has to do on their website and if they don't do it they are in danger.
reply