• The Cooking Senpai@lemme.discus.sh
    link
    fedilink
    English
    arrow-up
    27
    arrow-down
    1
    ·
    1 year ago

    A serious law would be like (but in legalese):

    • By default you CANNOT use tracking cookies
    • If you want to use them you should have a Table that classify them based on how much fingerprint do they take
    • Then you have to explicitly ask the user in the most clear and unintrusive way possible if you can track them
    • And the consent should last 30 days max
    • Holli25@slrpnk.net
      link
      fedilink
      English
      arrow-up
      36
      ·
      1 year ago

      That is actually really close to what is present now. The EU never said “use cookie banners” but rather “if you really want to track people, they have to say yes”. And most commercial websites decided to make it hard to say no, now everyone blames the EU for doing so. Your second point is not yet implemented, this would be really good for consumers.

      • nybble41@programming.dev
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        They never should have made opt-in an option in the first place. All the legitimate reasons to store data are already permitted without asking permission (required for the site to function, or storing data the user specifically asked the site to store such as settings). All that’s left is things no one would reasonably choose to consent to if they fully understood the question, so they should have just legislated that the answer is always “no”. That plus a bit more skepticism about what sites really “need” to perform their function properly. (As that function is understood by the user—advertising is not a primary function of most sites, or desired by their users, so “needed for advertising to work” does not make a cookie “functional” in nature. Likewise for “we need this ad revenue to offer the site for free”; you could use that line to justify any kind of monetization of private user data.)

        • Holli25@slrpnk.net
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          There is a fine and impossible to hit line that businesses have their own interest of surviving and should be able to use data. Like making better suggestions or tracking whether certain changes in their homepage work. This is not required for functioning but vital to companies for succeeding and giving you a better product. However, this should only be done on one site at a time, cross-site tracking oe fingerprinting is what sucks and allows data brokers to exist in the first place.

          No lawyer can hammer into law, what a site needs to function, as it differs by site and is flexible in what people think is necessary. But your examples are good in that they show how sites go way too far to justify their over-the-top tracking. Maybe there really is an easy way to write it in “legalese”, but I don’t see it yet. But I am fully on your site, the current behaviour and practices are bad and unclear for customers.

    • TheEntity@kbin.social
      link
      fedilink
      arrow-up
      10
      ·
      1 year ago

      Sounds like the current law, except for the last point. The problem is with enforcing compliance.