The irony is, popups to accept cookies are not GDPR compliant, unless there's an opt-out option. You cannot force tracking on someone as a condition of loading your website.
(you can, of course, serve generic ads instead, if they opt out, or serve generic ads by default and not show a popup at all)
Even Google has a "reject all" button in their cookie prompt these days. If rejecting takes you through multiple layers, consider reporting the website or their tracking partner to your local DPA.
The ad industry is intentionally making their popups as inconvenient as possible. They childishly point to the EU legislation that they "have" to make your life miserable with those popups but they really don't. They can choose to make your life easier, but that threatens their business model of using you and your browser as a source of revenue.
They can simply stop tracking you at all if you send the do not track header. You wouldn't even see the popups! They can even still serve ads, just not the ones based on the profile they've collected.
The cookie policy popups are, at best, an intentionally annoying way of complying with the GDPR or not compliant at all at worst.
GDPR has the great idea that you shouldn't be tracked unless you consent. The popups are a way of forcing consent because users just click through them. However, the default should be that you're NOT tracked and opting in should be explicit, which possibly means all those popups that begin tracking you after one click are not compliant. Then I've also seen sites where opting out is difficult - there's a hard to find link that takes you to some settings page where you need a dozen clicks to disable tracking cookies. That's definitely not GDPR-compliant.
Despite the practical annoyances, I direct my frustration at the cancerous advertising industry that has turned the Web into a giant ad platform, and so the industry is very intentionally undermining GDPR protections.
The pop-up is only necessary if you engage in shady tracking nonsense. GDPR does not mandate a pop-up for cookies that simply allow the site to function. Essentially, it's like blaming the flashlight for having made the rats scurry across the kitchen floor.
I use EasyList Annoyances with my adblocker, it hides all cookies/GDPR popups. If the website respects GDPR and waits for my click on the "Accept" button, I'll never see it and tracking shouldn't be enabled (many websites still don't respect that basic concept nonetheless)
The GDPR should get one important update and that’s QUICK:
You shouldn’t be allowed to ask for consent to do tracking or targeting as a pop up. The site must be completely usable using only “required” cookies (to which no consent should be required if it only tracks a limited set of data) and any option to consent to anything outside this must be a hidden option.
That is: sites should have to work 100% without popups and shouldn’t be allowed to use “marketing cookies” (for tracking and ad targeting)
Otherwise we just traded one nuisance for another.
GDPR doesn't disallow cookies, it disallows tracking cookies, afaik. Tracking data is not yours too see, so how could you use them? Do you mean that you want personalized ads?
Arguably most of these cookie popups are not compliant with GDPR law anyway as all cookie acceptance has to default to opt out, its only if the user wants to opt in that the data can be collected. Almost all of the popups default the wrong way and use dark patterns including making you wait minutes to avoid the popups.
This is all by design, they will happily show you that popup everytime you come to the site and you'll never see it again if you accept them. When you see such a pop up you know what sort of entity you are dealing with, one that is willing to fight with the EU and the law to get that data as well as enormously hurting its customers in preference.
GDPR wants to ensure that user privacy is protected. If you do that in your business, you don't need to show any cookie popups.
A honest cookie popup would ask "Do you want to be tracked for advertising purposes? yes/no", and any sane person would klick "no". No education needed at all, if the advertisement industry would play honest.
If the Web experience is ruined now, the Web advertisement industry needs to fix it.
The GDPR has no problem AT ALL with cookies. Use as many as you like with no need for popups. However, if you are using cookies to track or personally identify me (advertisers take a bow), then you need to ask my permission to do so. And so you should.
I am unaware of how a browser may possibly be used to block only personally identifying cookies, and besides, putting the onus to do so onto the data owner is against the principle of the GDPR; that personal data is MINE and you must ask my permission to use it.
Except that refusing to serve people who reject cookies is explicitly not allowed by the GDPR. You cannot make tracking a requirement for using your site.
A lot of cookie pop-ups you encounter are not even remotely required under GDPR. They are a mostly a form of malicious compliance from the ad-tech industry that want the restrictions lifted.
The way they are doing it doesn't actually comply with the law either, so the CYA aspect of it doesn't work as designed. Adding a popup doesn't do anything as far as the GDPR is concerned unless the popup allows you to decline tracking just as easily as it is to accept it (no pre-ticked boxes or anything).
I believe the problem here is wrong advice leftover from the previous "cookie law" (which I agree is completely stupid) being repeated endlessly (either honestly or maliciously from the adtech/spyware industry to try and make the GDPR look more annoying to the users). I sometimes even see this wrong "advice" here on HN on GDPR-related threads.
Well then - cookie popups that must be clicked every time you visit a website until you accept them, must be ok with you, since "this is how it's supposed to work under GDPR".
Sorry, but I don't agree. I consider them a scourge on today's Internet. And I find them a horribly steep price for the "privacy" (really just a lousy IP address obfuscation) you gain in their stead.
Cookie law does not give users a way to opt-out. That's why you get annoying pop-ups that say "By viewing this site, you agree to all our tracking bullshit"
GDPR says users must be given an option to opt-out and you cannot start tracking them until they specifically click "I agree".
To add to this, blocking the GDPR pop-ups is legally equivalent to declining all but the essential cookies. This is because GDPR establishes a default that users may not be tracked, and explicit, freely given, informed consent is an exception to that general rule. If the pop-up is ignored, blocked, or contains insufficient information, then the exception is not granted, and the site may not track you.
Granted, whether or not sites are following the law is another matter altogether.
Wow I think that site has the 1st decent GDPR popup thing I've seen. Just two buttons, accept cookies, reject cookies, u click one and then it goes away.
Cookie "warnings" and forced "consent" popups (with no or difficult opt-out) are not GDPR compliant. GDPR mandates that all tracking and related bullshit should be opt-in. So the annoyance isn't the GDPR, it's the lack of enforcement of it that allow shit websites to get away with not being compliant.
(you can, of course, serve generic ads instead, if they opt out, or serve generic ads by default and not show a popup at all)
reply