The “Accept all” button is often the standard for cookie banners. An administrative court has ruled that the opposite offer is also necessary.
Lower Saxony’s data protection officer Denis Lehmkemper can report a legal victory in his long-standing battle against manipulatively designed cookie banners. The Hanover Administrative Court has confirmed his legal opinion in a judgment of March 19 that has only just been made public: Accordingly, website operators must offer a clearly visible “reject all” button on the first level of the corresponding banner for cookie consent requests if there is also the frequently found “accept all” option. Accordingly, cookie banners must not be specifically designed to encourage users to click on consent and must not prevent them from rejecting the controversial browser files.
You must log in or register to comment.
meanwhile meta stealing terrabytes of copyrighted literature to train their AI on, meanwhile “step in the right direction” video game megacorporations yoinking your product license you bought because its not profitible, meanwhile nintendo shutting down emulators without any base other than having money over passionated indie emulation devs, meanwhile google using google fonts on desktop on literally every website or apps on your phone to bypass this sht anyway.
way too little way too late, these people see these cute upcoming fines as very profitable and non harmful business expenses.
Also, require its html tag to have an attribute “data-legal-reject” or something like that so we can have browsers auto reject all that shit - while keeping necessary ones.
Better yet, attach this at the protocol level. “X-Cookie-Policy: ImportantOnly” or something like that.
Yeah, there’s no reason why this should be anywhere except the browser level.
Just a bunch of idiots that have no idea how shit works.
If they can reject all, but can’t stay logged in after trying to navigate the site, who’s fault is that?
but I can already here, but you can work around that
Guess what? The workaround is tracking. we’re just re-inventing cookies.
This is about the option to reject cookies, not getting rid of them.
Cookies are used for all sorts of critical things other than tracking. Right now with the current methods of accept all cookies or accept only necessary cookies is fine. All this is going to net is a bunch of uninformed people clicking reject all cookies and then it’s filing support tickets that they can’t log in.
Accept all, one click. Accept only necessary: typically involves turning somersaults.
The ruling is about the latter.
Requires turning some somersaults but leaves you with a viable product. Allow them to reject all and just let it break?
Cookies can be divided into subcategories and depending on what type they are, they may or may not be covered under this ruling.
Heres a nice breakdown of what does and doesn’t have to be included in the reject all option https://gdpr.eu/cookies/ and also a bit of info about the ePrivacy directive that seems to be what the TDDDG law is based on.
So websites with competent cookie management shouldn’t break if a user “rejects all”
You wonder, why do they not just make it illegal to use cookies at all (other than for legitimate purposes like loggin in).
Who actually wants to accept?
As much as i would love to see that, youll be burning down a multi-billion, if not trillion, worth market.
Also, idk if i want the alternative of cookie tracking to be used as much as cookie tracking. Scary stuffyoull be burning down a multi-billion, if not trillion, worth market.
Oh no
Also, idk if i want the alternative of cookie tracking to be used as much as cookie tracking. Scary stuff
Here’s an idea, you outlaw that also
We have been in the wild west of the internet the last 20 years or so, and you wonder when we’re finally going to actively police it
why shouldn’t there be a wild west for those that want it?
You’re in favour of companies mining our data and selling personal information with impunity?
I’m in favor of laws targeting advertising in general, not specific implementations of advertising or data mining.
If a few friends make websites that all have access to each other’s cookies for things like high scores this would use third party (cross site) cookies because nobody in their right mind would want to store user data on a server for a hobby project. This is the exact same tech that allows ads to track you across the web, just a more legitimate use of it.
I don’t see why you’d need to throw out that baby with this bathwater.
My point is the same as yours. You ought not need to “reject” cookies for the purposes of tracking you for marketing, or other defined illegitimate purposes. It should just be illegal by default.
And if you want to opt in for some specific feature, as you suggest, you could (as long as you still legislate you can’t bundle more tracking along with it).
Things should just do what is says on the tin.
In my opinion.
a website that has a primary function that relies on third part cookies shouldn’t require any opt-in nonsense, most websites don’t need them, not the ones that do are frequently small hobbiest projects that shouldn’t need to be updated just because the megacorps decided to take advantage of browser features.
deleted by creator
the user is a piece is software, if the human decides to blindly trust it to execute arbitrary code (javascript) without reading it first they weren’t concerned with their privacy anyway. if they did read it then they had full knowledge of what was being collected.
Ok, lets go down the line of things happening here.
You kill data mining, great, awesome! You have my support!
Oh, but suddenly, worldwide, hundred of thousands of job fall. Data brokers fall first. Their servers drop and the thousands of project managers, database administrators, developers, product managers and all in between get without a job.
Ok but fine, maybe they can find a new job! Positive thinking! It is a big world after all!Oh, but the data brokers are gone, so now analysists cant tell what people will like, what they dont, what works and doesnt. Whoops. But hey, nothing bad those are gone! Maybe they can find jobs down town in the factory that doesnt exists or uses robots.
No analysists, so maybe trying to make that one show or product you like doesnt sound that attractive to produce anymore. Hey, who knows who’ll buy it right? Maybe that product you like will make a few wrong guesses and die out. But nothing bad, another company will fill the hole left behind by dieing companies!
Now scientists ( im including computer scientists here ) cant access data at large anymore either because data brokers are forbidden in proxy. Shit, how are we going to get our data about diseases now. From a limited set? Okidoki! Our research says 90% of tested people get cancer from drinking water. Water is deadly now guys! Our data of 10 people said it was!
How do we process patient data to find problems before hand, easy we dont lawl. Who needs that stuff anyway!Oh hey, since nobody is allowed to collect and sell data anymore, those few sites you use will die. They cant maintain the costs of research & development nor the hosting. So they have to paywall their site or close the doors, like the good old days with newspapers, pubs, cafe’s and television! Those were the days! But i like to pay for quality stuff so they can live! Ok, now lets do that for every site you visit and use in your day-to-day life!
Look, you get the picture i hope. I hate data collecting and have systems in check to hopefully poison the well myself. But your shortsighted approach is not the solution. The world is a hell a lot more complex than that.
Sources to this line of thinking: me, who works in healthcare, my brother working as a project manager in a data company to use in researches, and my other brother working as cto in electricity facilities.Uhh. This was a fun slippery slope to slide down, but whatever you claim are your credentials, the core premise is completely incorrect.
- Data brokers that buy, sell, and analyze user data for advertising purposes have absolutely nothing to do with the vast majority of scientific data collection and analysis. No healthcare or research scientist is harvesting your clicks on facebook to analyze diseases. Nor are they funded by your clicks on facebook. They’re not even using the same infrastructure - most healthcare databases have way more privacy restrictions already in place and are owned and operated by different companies.
- Companies were perfectly capable of figuring out what products were attractive before any of this existed, and the primary benefit of harvesting user data for advertising isn’t to provide a good product, it’s to outcompete all the other nearly identical products, including the ones that are objectively better.
- Industries that don’t benefit society don’t get to keep existing just because they employ people. Switchboard operators - unlike personal data brokers -were critical for communications. Those jobs didn’t need to keep existing just to keep those people employed.
They will die and new ones will rise. Fuck any job that is based on data mining and the predatory usage of said mining.
Datamining is the reason every fucking second of our lives is monetized.
They cant maintain the costs of research & debelopment nor the hosting. So they have to paywall their site or close the doors
The irony of posting this comment on Lemmy, which runs based on donations. It isn’t paywalled, and doesn’t require data mining to operate. As well as Wikipedia which is completely free, and wildly successful. Which again doesn’t need to violate your privacy to continue existing.
Not to mention, not every website is making money off selling your data, and are instead selling goods or services. Which can continue to operate and make money just fine.
The fact you think the economy would collapse because data miners would lose their jobs, is showing your bias.
Nek minnit you’ll be telling me we ought not stop fighting needless wars whenever the US beckons us, because of all the poor weapons contractors losing work (massive hyperbole, but you get my point).
People working in data mining have heaps of transferrable skills, they would be totally fine.
The internet existed before enshitification, and it certainly could afterwards.
Would you have to pay a little more to access certain things? Sure. But I find the argument that the internet would cease to function very unconvincing.
Is that what legitimate interests are, or is that just misleading? I always turn off legitimate interests too, I don’t understand the use of the label and I don’t trust it.
You cannot say no to legitimate interest. That’s a valid legal basis for processing the data that you only need to be informed about. Some times it appears like they are asking for your consent (which is a different legal basis for processing data) for legitimate interest, but that’s likely just a poorly designed interface.
Session cookies for login are legitimate, I’m not really sure about others
Another layer of annoying on a massively stupid piece of legislation that has made the internet immeasurably worse for everyone.
These preferences should be settable in the browser, transferred during http* connection and honoured by every single website you use.
Any changes that marketeers come up with should be ratified in the same way that changes to internet protocols are, and if the browser doesn’t support them yet, they are assumed “do not”.
Ah yes, stupid legislation ruined cars, now I my entire trip is ruined since I have to buckle up my seatbelt at the beginning of a trip.
How is this a problem with the legislation? Do you honestly think your privacy was respected before the law demanded that websites tell you about how they violate your privacy?
Web browsers DO have this as a universal setting, Do Not Track, but websites choose to ignore it beacuse it doesn’t benefit them to respect your right to privacy and treat you with the respect due to a functioning adult.
The legislation was a massive win for everyone except the predatory manipulators.
That’s exactly my point.
The legislation, from the start, should have upheld the do not track and similar settings in browsers. Require websites to check and honour those flags.
Instead, we get some half-arsed requirement to add cookie banners to every website under some vague threat of prosecution (which never seems to happen unless you’re a social media giant) that inconveniences every single user, and often more than once.
This here, now, is a tiny bandage on a gaping wound caused by not doing what was required in the first place.
The ePrivacy Directive from 2002 already covers this so each EU country should have their own laws regulating cookies with regards to this directive.
https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32002L0058
(25)
Users should have the opportunity to refuse to have a cookie or similar device stored on their terminal equipment.
So this should have been a thing since even before GDPR was introduced. Cookie banners or some other form of informed consent like Do Not Track should have been standard and enforced at a country level even before Facebook, Youtube and co even got off the ground.
The story above says its a violation of the German TDDDG law that seems to be based on the ePrivacy Directive so this is them finally using the regulations of cookies that was established over 2 decades ago.
The legislation does exist, it just looks different in each country and no country was bothered to really enforce the law but now it seems GDPR has enabled countries to throw around the whole weight of the EU as opposed to just one country’s weight since its unified across the EU.
I’ve only had to complain to 2 websites (One pretty big website and one small local website) about not having an explicit option to reject specific cookies as outlined in the ePrivacy directive and both websites are now compliant. So it does exist and it does work but nobody is willing to or doesn’t know they can make complaints about websites that don’t comply with cookie consent.
The EU can’t monitor every single website, its just not realistic so its up to users to be informed of their rights and be willing to complain to these websites and then to their local regulator if those websites don’t comply.
Fuck you pieces of shit.
Go track this:
I usually just do this:
:max_bytes(150000):strip_icc()/Minimize-Concept-Buttons-3fa9d8fe7b634802bc5de955a0092b2f.jpg)
A friend of a friends relative’s 2nd cousin mentioned that pornography sites have been surprisingly compliant about this, already.
As usual, this should have been the responsibility of browsers, not individual websites.
The kind of stupid shit societies have to invest money in. Don’t get me wrong, it’s good news, it’s just baffling that money had to be invested in order to get these bastards to do the civil thing.
‘its baffling in a capitalist society, corporations do everything they can to squeeze the most money out of their users with zero regard for the users wants or needs, and do whatever they can to skirt legal obligations that protect consumer privacy and security’
Yeah. I’m baffled.
I recently started to use “I still don’t care about cookies”. So far so good.
This and Consent-o-matic
The issue about that extension is this:
When it’s needed for the website to work properly, it will automatically accept the cookie policy for you (sometimes it will accept all and sometimes only necessary cookie categories, depending on what’s easier to do).
It will often just accept the cookies as is.
Can we ban the “Pay to have privacy” option as well.
Fuck every site that tries to pull that shit.
Pay or OK is banned.
It’s not banned. Meta isn’t allowed to use that option, because it has monopoly power. IE in the view of the court, you can’t avoid using Meta. For any ordinary site, there is always the option to refuse either and leave.
The scope of this opinion is indeed limited to the implementation by large online platforms (which are defined for the purposes of this opinion)
Whatever notions of privacy we used to have are all going to crumble as the newest AI tools come online for prying open people’s profiles and predicting their behavior, their locations, their personal habits and spending, their health and family and relationship statuses, simply by analyzing a few patterns in your search terms and cookies.
From that information, these same monsters are going to be able to target you specifically with the kind of manipulative effort that previously would involve teams of people working around the clock to derive methods for influencing a single target. But it will be doing it on mass-scale, putting that same kind of effort into influencing millions and millions simultaneously.
And we all have vulnerabilities. The more invulnerable you think you are, the more likely you are to be subtly shifted by long-term, 3-dimensional tactics for changing the way you think and feel. Be it the way you think and feel about the latest flavor of PRIME energy drink, to how you think and feel about genocide.
We have to get off the fucking internet.
We and our
908partners store and access personal data, like browsing data or unique identifiers, on your device.Absolutely, we need a Reject All button!
I have also seen on some websites that you have to pay them through subscription if you want to reject all cookies
Pretty sure that’s illegal AF. Report them?
Will do when I encounter any more
And it should include this mysterious ‘legitimate interest’, or whatever it is called - always on by default in ‘my choices’, even though no one seems to be able to explain what this means. How can I make an informed consent on something that vague?
On the other hand, not ‘Reject All’, but ‘Reject All except functionally necessary’ (which should be precisely regulated by the law), otherwise there will be no cookie to remember our ‘reject all’ choice, which I am sure the corpos would happily use do discourage us from clicking that.
the “functionally necessary” cookies, which are served by the site itself (e.g. not a third party), do not require a banner at all. if you have no third party cookies, you can do entirely without it.
I’m sure “functionally necessary” already means we share your data with everyone because we setup a system where the local page state is managed by third parties that we are selling your data to.
Rejecting cookies without asking every time requires a cookie and that is clearly legitimate interest. The problem with legitimate interest is that it’s not well defined enough and then you have companies claiming that Adsense personalization is an absolute necessity for their website.
But that would be cookie for the website I am visiting, not for a dozen of ‘partners’. And these are the ‘legitimate interest’ on-by-default switches I am talking about.
That shit makes me so mad. What the fuck is legitimate interest if not the cookies which are set anyway to make the site function It’s just purposefully misleading.
It’s basicallly just a label they beed to slap to suddenly be avle to circumvent some forms of non-consent. There’s also overriding legitimate interest (just as vague btw so it covers everything).
In other words, legitimate interest is a form of rape (what with the circumcenting consent and all)
Okay, so I’m going to copy-paste an answer I got from someone I know who works in a legal department:
Basically, Legitimate Interest lets them track you as if you clicked Accept All, then subsequently they can decide if they think you would benefit from the tracking by their own metrics, which includes things like targeted advertisting which, of course, they do. So “Legitimite Interest” really means “Reject, But Actually Accept”.
That is what I always suspected and why I take my time to uncheck all these.
Have to individually reject each and every fucking “partner.”
Literally saw one with 1300+ the other day, thought I was going insane 😳
We need a reject all browser flag. With obscene penalties for ignoring it.
Cookie banners need to piss off forever. You may set some functional cookies only if I log in.
what about color scheme cookies?
No one cares about that
websites should be allowed fun and whimsy
You may set some functional cookies only if I log in.
The irony made me exhale a burst of air from my nose before closing the page, never to return.
Basically every cookie acceptance agreement popup is just a 404 to me. No webpage has important enough information anymore for me to sign any kind of agreement. It’s absurd. If you passed by a shop and wanted to go in and purchase something, but a clerk stopped you at the door and made you sign a fucking agreement that store would die in a month.
After reading one of these pop-ups the first time I saw one, a switch was activated in my brain. Now when I see one, I hit the back button on my mouse before the last scan line of the page has reached the end.
I don’t need the information that bad.
A disgusting behavior that I’ve seen in Spain is for websites to direct you to their subscription page if you say you don’t want to be tracked, either you pay for the content or you don’t get any content. Apparently the Spanish courts have deemed this legal.
If you use uBlock Origin, add the following rule:
* privacy-center.org * blockThis kills 99 % of the “accept or pay” modals, an you can still access the page normally.
