European Union set to revise cookie law, admits cookie banners are annoying

It would be nice if the options weren't like "Enable all cookies" and "navigate 4 menus that try to convince you to enable all cookies."

It would be better if you could set your preference on the browser once and never have to mess with it again unless you want to have exceptions for specific sites
- In theory this is done. There is a Do Not Track (DNT) header that is browser defined. Does anyone use it? Do they fuck.
AFAIK the regulation already says that the "only necessary" should be available with one click. I think the issue is that it's difficult to go after all the small pages that are breaking the law. The big ones like YT of Google already have the 'disable all' button on top, I'm guessing because EU complained.
- It doesn't say that it should be available with one click.
  It says that accepting should be just as easy as declining. Which also includes things like not being allowed to have a "greyed out" button to reject while the accept button is big and sparkly.
- It depends on the country. GDPR is not a law. It's a framework that countries use to implement national laws. GDPR doesn't say anything about one-click rejection, but some countries added it to their national law.
- I want an "only necessary cookies except one cookie to remember I clicked this option" button available with one click.

Just make it illegal to sell user data to "data partners", and use cross site tracking.

Nobody actually "consents" to this shit. They just don't read.

Just add 2 things:

Cookie settings are possible to set in the browser for all pages.
There's a reject all button on every cookie banner.

There’s a reject all button on every cookie banner.
Most importantly, those banners should be streamiled to look the same at the very least. No highlighing "ACCEPT ALL" while graying out "reject all" nonsense. No swapping the buttons left and right, top to bottom trickery. I'd prefer if the browser takes care of it all, though. I'm already using a plugin for that, though it comes with draw backs.
- Right, this!
  Tired of all the dark patterns.
No, just ban the collection of user data and selling to 3rd parties. Enormous fines for anyone still doing it. Destroy this entire industry please.
- The EU is primarily pro-business, but that also means being against anti-competitive and underhanded business practices
  The browser thing sounds like a good solution (although there must be a reason why DNT headers weren't made legally binding, potentially as they wanted to allow people to pick and choose what cookies they allow based on what they thought was "too far" or something but that's conjecture), however disallowing all user data will likely lead to companies not being able to advertise to people who are interested in their products, something which the EU will see as a negative and would also cause an uptick in scams and misinformation as you see in low quality advertising space at the moment
No there most definitely is not. Most banners have a big yes button, and you need to scroll to a settings button and then do five more things to not get cookies.
- He said that should be added
- So true. And then you have Schibsted, Norways biggest media conglomerate; the only way to reject cookies is that you have to log in in order to reject it! According to the cookie law (no idea what it's called), it's illegal. It's been reported to the EU and Norwegian government numerous times, but nothing happens. Fuck Schibsted!!
- I meant it should be added as a default thing you have in every one of those things.
But even if you reject all, you still allow them to track you through the legitimate interest cookies
- That doesn't sound like a legitimate interest and should be fined or something.
well, not on every cookie banner
The reject all is already a thing. (Well is not all all, but reject all except necessary but those doesn't matter much, they are not tracking).
That said usually is not called this way as obvious, sometimes is just "reject" without the all, "accept only necessary", "decline", etc or you have to close the banner etc or they use some other confusing pattern.

They should do something about "consent platforms" using various DNS tricks and thousands of domain names to bypass/evade user blocks.

I wasn't so bothered about some non-invasive ads a few years ago, but I absolutely despise any kind of ad now TBH, and it's mainly down to how persistent some of these platforms are with their evasion tactics

Also pretty ironic for their popups to talk about "respecting" my privacy when these platforms literally do the opposite of that to show their popup in the first place. I will not support any of them, in any way, on my network.

As soon as I see a new one appear when browsing, I chuck it into dnsdumpster so it can get recorded with the rest of them, and then block the new list from dnsdumpster (grid icon) on my network.

It should be just a browser option.

You set cookies on or off, ans the browser sends the option in the headers. Websites just need to take the option from the header instead of a banner.

It already exists and is called "do not track".
There are addons (for firefox at least) where the cookie banner will come up but your browser auotmatically refuses all cookies.
- https://consentomatic.au.dk/
  This is the one I use. It's FOSS and developed at a university.
That has been tried with the DoNotTrack header. Turned out servers didn't oblige by it.
- Yeah, but if the EU required sites to pay attention to them...
- That's because it was entirely voluntary. It should be integrated in the browser by law, and the choice should be binding
Am I mistaken in believing it is an already a browser option?
Off the top of my head Qutebrowser and Falkon both support not-saving 3rd party cookies.

Now don't make it worse!

Narrator: They made it worse
- 'they always can, they always will'

I'd be happy to keep the ones that say:

"we notice you are in europe and we can't use our cookies to track you so you can't come to our website"

It's good to know sites with policies like that to ensure I never visit them.

"It is literally impossible for us not to spy on you or sell your data. Sorry not sorry bye."
Typically, those already have geo filters because they can't be bothered to implement EU requirements.
Unless you're outside of the EU, of course, in which case you'll probably be tracked no matter what.
- One example I know if is my hometown newspaper, dentonrc.com; I have a friend who moved to Europe and was annoyed that they geo-blocked him, but I can't really blame them. How many people are really gonna visit the site for a small American newspaper from the EU? From a business perspective it makes no sense for them to pay a developer to do more than the bare minimum.

Not only are they annoying, they go half way to legitimising the theft of user data.

Exactly. Identify what uses are legitimate and what uses aren't, and legislate directly. None of this consumer consent crap because it's meaningless to consumers. No consumer benefits from their browsing habits being under surveillance.
- Was done before too, but now the websites simply need a banner for using categories of cookies which require it (tracking, marketing, ..)
  And we already have GDPR at least limiting activities in a broad sense. (of course lots of leeway, but still much better than before)
  You cannot do more with a cookie banner you couldnt already do before.

I'm not a fan of the cookie consent popups, but I do appreciate the EU actually trying to do something to protect people's privacy. Seemingly the only major entity to do so right now.

At least the regulation show us how shady internet is. That banner only shows up if the website is going to use cookies to use your data as a way to make profit. The fact that every website is doing that was eye opening for a lot of people.

Lol I'm a web developer who has put hundreds of those banners on clients' sites. Not as part of some nefarious data-selling scheme, but rather as a shallow tickbox exercise in order to comply with laws about technology they don't understand.
In this case, assuming ignorance over malice is the way to go.
- In this case i assume you're an ingnorant developer who didn't thought of better options to comply with the law

And you know what? That’s cool. They’re not doubling down, they’re not staying the course. I’ve spent a lot of time in the EU and yeah, those cookie pop ups absolutely are annoying, but as a US citizen it’s a reminder of how the EU is trying to protect its citizens, FBFW, how the US is still bending to corporatocracy, and I am simultaneously envious and annoyed as I click “Alle Ablehnen”.

Just don't remove it entirely, currently companies will at least pretend to comply.

bEFORE yOU cONTINUE tO gOOGLE sure is annoying though.

Remove banners, just make the companies respect the browser setting.
Please do remove it entirely.
I manufacture data about myself. Businesses want to collect this data for their commercial benefit and profit, without paying me. Cookie splash screens almost provide a method for this to happen legitimately, while still not providing me fair consideration.
Businesses should be prohibited from collecting user data, from taking value, without paying for it.
- How could you enforce a ban on any kind of user data and how could such a compensation system even work?

Eh, I think cookies should just be opt-in unless they're absolutely necessary for the site to function.

Then all cookies will be considered necessary. It's very hard to legislate the edge case.
This is what the regulation was all about. The law did not said anything about cookies, they are the core web technology, just that you must be asked for personal data processing.

The EU law explicitly says no consent by default and users have to opt in. All of these cookie banners are breaking the law, the law doesn't need to change it just needs enforcing and these banners will disappear. We already have a do not track header and that could be complied with but it's enforcement that is the problem.

How do they break the law? The opt-in forces them to ask you first and that's what the annoying banners do. Sites that don't care about tracking also don't show these pop-ups.

And it actually is... Quote from the GDPR:
It shall be as easy to withdraw as to give consent.

A serious law would be like (but in legalese):

By default you CANNOT use tracking cookies
If you want to use them you should have a Table that classify them based on how much fingerprint do they take
Then you have to explicitly ask the user in the most clear and unintrusive way possible if you can track them
And the consent should last 30 days max

That is actually really close to what is present now. The EU never said "use cookie banners" but rather "if you really want to track people, they have to say yes". And most commercial websites decided to make it hard to say no, now everyone blames the EU for doing so. Your second point is not yet implemented, this would be really good for consumers.
- They never should have made opt-in an option in the first place. All the legitimate reasons to store data are already permitted without asking permission (required for the site to function, or storing data the user specifically asked the site to store such as settings). All that's left is things no one would reasonably choose to consent to if they fully understood the question, so they should have just legislated that the answer is always "no". That plus a bit more skepticism about what sites really "need" to perform their function properly. (As that function is understood by the user—advertising is not a primary function of most sites, or desired by their users, so "needed for advertising to work" does not make a cookie "functional" in nature. Likewise for "we need this ad revenue to offer the site for free"; you could use that line to justify any kind of monetization of private user data.)
Seriously I hate how disabling cookies is a hassle that you have to do on a seperate settings site... Where you get another cookie banner obstructing half of the settings
Sounds like the current law, except for the last point. The problem is with enforcing compliance.

I actually just landed in the EU for the first time since 2014, and i'm honestly quite pleased with the notifications i'm getting (albeit not the ones discussed here). The first time I opened AirBnB since landing, it asked me permission for all the data it wanted to collect for targeted advertizing, and I was actually able to turn off most of it. I wish the US had the same.

The website popups are quite annoying, but those are easier to control anyway by picking better browsers and extensions.

OH THANK f'ING GOD

It would be less annoying if you could easily tell it that you don't want garbage. Instead, when you select your preferences you have to go through a whole list of options. By the time you're finished customizing your cookie preferences you've forgotten why the hell you went to the page and what the hell the page is. It's ridiculous. It should be as simple as having two buttons: one for accepting the site's default garbage and another for for rejecting the site's default garbage.

The browser extension Consent-o-matic does this and was developed with money from the European Commission.

Common European Union W

Ah. I wasn't aware of that. Thanks!

It does... ¯(ツ)/¯
- No. Most of the time there is a Accept all button, but a Manage button and then another popup where you have to uncheck everything and then Save. Pretty annoying, especially on mobile

Because asking nicely and hoping always worked that well...

Cookie Monster approves.

I bet they will keep adding loopholes to keep websites bullying their visitors.

why bother making legal frameworks when you can't enforce them, there are hundreds of thousands of website including very prominent ones that hide the "reject all cookies" button after a second screen prompt. or flat out force you to opt-out of every second cookie category , just so you give up. they haven't been fined. and they know EU authorities aren't bothered either, so they keep infringing on the GDPR.

My biggest qualm is that usually these sites won't save it when you only allow necessary cookies. So they will ask you for every single session until you give in.

About time. Last time I pointed out the uselessness of cookie banners, the reddit hivemind downvoted me to heck.

If a service wants to proccess your personal data they must get a consent. What's useless about that?
- For starters, calculate how many million man hours it's wasted. This very article is them admitting they went about it the wrong way

This is the worst output of EU regulation ever. How has it taken them so long to realise it's annoying?! Don't they use the internet in Brussels?

You dont need a cookie banner if you dont want to invasively track the users.
So its really the fault of the websites for wanting to use categories of cookies which do require a banner (ad and tracking).
- Indeed
  Plenty of websites that don't have a cookie banner like Wikipedia and Lemmy. And both of them are completely legal.
  It is only after the cookie banner that we now know how many websites are actually selling our data, turns out it is the grand majority of them.
You must hate your doctor for giving you the diagnosis of your illness :P