Most of the cookie banners are breaking GDPR. The requirement under GDPR is that privacy must be the default and users can select to opt in. So most of the banners you come across that default to all tracking are against the law already. The legislation didn’t stop them being annoying in this way but a few prosecutions for the breaches and dark patterns would set things off on a better path.
Yeah I’ve been saying this to people. Don’t get mad at GDPR, get mad at companies who harvest your data
companies could show their annoying banners only to the EU residents.
It’s starts out badly by assuming that web servers are able to tell which country their visitors reside in.
The “do not track” header is not turned on by default in most web browsers. If it not being present were legally safe to take as granting permission to track everything, many of the big web publishers would’ve gladly done so. Making it mandatory to respect the DNT header would have required a different law than the one we got. But it probably still wouldn’t have been the best option.
The right answer to getting rid of tracking cookies is the 3rd-party data isolation pioneered by Firefox, combined with fingerprint-resistant browsers that clear all but whitelisted cookies on tab close or browser exit.
Did you read the article to the end? The entire point is that these banners are not needed at all, anywhere in the world.
That conclusion depends on two things: That the “do not track” header would suffice instead, which I think it doesn’t as things stand; or that all builders of web sites would do better not to make any attempt to (for example) keep track of which of their visitors have been there before, which is not going to happen for reasons that are obvious. If those obvious reasons are found to be inadequate, they should at least be addressed to make the point convincingly.
Otherwise one might as well go ahead and say that most of what exists on the web today is not needed at all, which is also technically true. It’s strange to see it suggested that it’s wrong to think law makers “should have known” that something like what happened would be the result. It was inevitable from the start, and as I recall much talked-about. The sites that have cookie banners are all trying to sell you something, and the sales department is not going to willingly give up the best tools it’s had since the 1990s when the cost is just looking slightly more sleazy to first-time visitors.
or that all builders of web sites would do better not to make any attempt to (for example) keep track of which of their visitors have been there before
If there is a technical reason to do so, the GDPR explicitly allows doing so without any consent banner… and if there isn’t other than harvesting data to sell it to advertisers, then yes there is no reason to have that.
The other side of this is US websites that display “not available in your region” instead of the content.
Banner? Why? What’d she do?
