- cross-posted to:
- privacy@lemmy.world
- cross-posted to:
- privacy@lemmy.world
The “Accept all” button is often the standard for cookie banners. An administrative court has ruled that the opposite offer is also necessary.
Lower Saxony’s data protection officer Denis Lehmkemper can report a legal victory in his long-standing battle against manipulatively designed cookie banners. The Hanover Administrative Court has confirmed his legal opinion in a judgment of March 19 that has only just been made public: Accordingly, website operators must offer a clearly visible “reject all” button on the first level of the corresponding banner for cookie consent requests if there is also the frequently found “accept all” option. Accordingly, cookie banners must not be specifically designed to encourage users to click on consent and must not prevent them from rejecting the controversial browser files.
You must log in or register to comment.
As usual, this should have been the responsibility of browsers, not individual websites.
this is a GDPR extension as I understand it
While we’re at it, can we also talk about things that look like chat notifications, but exist only to draw your attention? Those are misleading as fuck and IMO should be ruled out as well.
You wonder, why do they not just make it illegal to use cookies at all (other than for legitimate purposes like loggin in).
Who actually wants to accept?
As much as i would love to see that, youll be burning down a multi-billion, if not trillion, worth market.
Also, idk if i want the alternative of cookie tracking to be used as much as cookie tracking. Scary stuffyoull be burning down a multi-billion, if not trillion, worth market.
Oh no
Also, idk if i want the alternative of cookie tracking to be used as much as cookie tracking. Scary stuff
Here’s an idea, you outlaw that also
We have been in the wild west of the internet the last 20 years or so, and you wonder when we’re finally going to actively police it
Ok, lets go down the line of things happening here.
You kill data mining, great, awesome! You have my support!
Oh, but suddenly, worldwide, hundred of thousands of job fall. Data brokers fall first. Their servers drop and the thousands of project managers, database administrators, developers, product managers and all in between get without a job.
Ok but fine, maybe they can find a new job! Positive thinking! It is a big world after all!Oh, but the data brokers are gone, so now analysists cant tell what people will like, what they dont, what works and doesnt. Whoops. But hey, nothing bad those are gone! Maybe they can find jobs down town in the factory that doesnt exists or uses robots.
No analysists, so maybe trying to make that one show or product you like doesnt sound that attractive to produce anymore. Hey, who knows who’ll buy it right? Maybe that product you like will make a few wrong guesses and die out. But nothing bad, another company will fill the hole left behind by dieing companies!
Now scientists ( im including computer scientists here ) cant access data at large anymore either because data brokers are forbidden in proxy. Shit, how are we going to get our data about diseases now. From a limited set? Okidoki! Our research says 90% of tested people get cancer from drinking water. Water is deadly now guys! Our data of 10 people said it was!
How do we process patient data to find problems before hand, easy we dont lawl. Who needs that stuff anyway!Oh hey, since nobody is allowed to collect and sell data anymore, those few sites you use will die. They cant maintain the costs of research & development nor the hosting. So they have to paywall their site or close the doors, like the good old days with newspapers, pubs, cafe’s and television! Those were the days! But i like to pay for quality stuff so they can live! Ok, now lets do that for every site you visit and use in your day-to-day life!
Look, you get the picture i hope. I hate data collecting and have systems in check to hopefully poison the well myself. But your shortsighted approach is not the solution. The world is a hell a lot more complex than that.
Sources to this line of thinking: me, who works in healthcare, my brother working as a project manager in a data company to use in researches, and my other brother working as cto in electricity facilities.Uhh. This was a fun slippery slope to slide down, but whatever you claim are your credentials, the core premise is completely incorrect.
- Data brokers that buy, sell, and analyze user data for advertising purposes have absolutely nothing to do with the vast majority of scientific data collection and analysis. No healthcare or research scientist is harvesting your clicks on facebook to analyze diseases. Nor are they funded by your clicks on facebook. They’re not even using the same infrastructure - most healthcare databases have way more privacy restrictions already in place and are owned and operated by different companies.
- Companies were perfectly capable of figuring out what products were attractive before any of this existed, and the primary benefit of harvesting user data for advertising isn’t to provide a good product, it’s to outcompete all the other nearly identical products, including the ones that are objectively better.
- Industries that don’t benefit society don’t get to keep existing just because they employ people. Switchboard operators - unlike personal data brokers -were critical for communications. Those jobs didn’t need to keep existing just to keep those people employed.
They cant maintain the costs of research & debelopment nor the hosting. So they have to paywall their site or close the doors
The irony of posting this comment on Lemmy, which runs based on donations. It isn’t paywalled, and doesn’t require data mining to operate. As well as Wikipedia which is completely free, and wildly successful. Which again doesn’t need to violate your privacy to continue existing.
Not to mention, not every website is making money off selling your data, and are instead selling goods or services. Which can continue to operate and make money just fine.
The fact you think the economy would collapse because data miners would lose their jobs, is showing your bias.
Nek minnit you’ll be telling me we ought not stop fighting needless wars whenever the US beckons us, because of all the poor weapons contractors losing work (massive hyperbole, but you get my point).
People working in data mining have heaps of transferrable skills, they would be totally fine.
The internet existed before enshitification, and it certainly could afterwards.
Would you have to pay a little more to access certain things? Sure. But I find the argument that the internet would cease to function very unconvincing.
Datamining is the reason every fucking second of our lives is monetized.
They will die and new ones will rise. Fuck any job that is based on data mining and the predatory usage of said mining.
why shouldn’t there be a wild west for those that want it?
I don’t remember there being CCTV everywhere in the wild west.
Nobody is stopping anyone from requesting the information from users via, say, a form they fill out, or enabling data tracking for a specific user-enabled purpose. The only thing people are advocating against is users’ info being collected without their knowledge, consent, or both. Nobody is losing any freedom.
the user is a piece is software, if the human decides to blindly trust it to execute arbitrary code (javascript) without reading it first they weren’t concerned with their privacy anyway. if they did read it then they had full knowledge of what was being collected.
You’re in favour of companies mining our data and selling personal information with impunity?
I’m in favor of laws targeting advertising in general, not specific implementations of advertising or data mining.
If a few friends make websites that all have access to each other’s cookies for things like high scores this would use third party (cross site) cookies because nobody in their right mind would want to store user data on a server for a hobby project. This is the exact same tech that allows ads to track you across the web, just a more legitimate use of it.
I don’t see why you’d need to throw out that baby with this bathwater.
My point is the same as yours. You ought not need to “reject” cookies for the purposes of tracking you for marketing, or other defined illegitimate purposes. It should just be illegal by default.
And if you want to opt in for some specific feature, as you suggest, you could (as long as you still legislate you can’t bundle more tracking along with it).
Things should just do what is says on the tin.
In my opinion.
a website that has a primary function that relies on third part cookies shouldn’t require any opt-in nonsense, most websites don’t need them, not the ones that do are frequently small hobbiest projects that shouldn’t need to be updated just because the megacorps decided to take advantage of browser features.
Is that what legitimate interests are, or is that just misleading? I always turn off legitimate interests too, I don’t understand the use of the label and I don’t trust it.
You cannot say no to legitimate interest. That’s a valid legal basis for processing the data that you only need to be informed about. Some times it appears like they are asking for your consent (which is a different legal basis for processing data) for legitimate interest, but that’s likely just a poorly designed interface.
Session cookies for login are legitimate, I’m not really sure about others
Also, require its html tag to have an attribute “data-legal-reject” or something like that so we can have browsers auto reject all that shit - while keeping necessary ones.
Better yet, attach this at the protocol level. “X-Cookie-Policy: ImportantOnly” or something like that.
Yeah, there’s no reason why this should be anywhere except the browser level.
The irony made me exhale a burst of air from my nose before closing the page, never to return.
Basically every cookie acceptance agreement popup is just a 404 to me. No webpage has important enough information anymore for me to sign any kind of agreement. It’s absurd. If you passed by a shop and wanted to go in and purchase something, but a clerk stopped you at the door and made you sign a fucking agreement that store would die in a month.
After reading one of these pop-ups the first time I saw one, a switch was activated in my brain. Now when I see one, I hit the back button on my mouse before the last scan line of the page has reached the end.
I don’t need the information that bad.
deleted by creator
Can we ban the “Pay to have privacy” option as well.
Fuck every site that tries to pull that shit.
Pay or OK is banned.
It’s not banned. Meta isn’t allowed to use that option, because it has monopoly power. IE in the view of the court, you can’t avoid using Meta. For any ordinary site, there is always the option to refuse either and leave.
The scope of this opinion is indeed limited to the implementation by large online platforms (which are defined for the purposes of this opinion)
Whatever notions of privacy we used to have are all going to crumble as the newest AI tools come online for prying open people’s profiles and predicting their behavior, their locations, their personal habits and spending, their health and family and relationship statuses, simply by analyzing a few patterns in your search terms and cookies.
From that information, these same monsters are going to be able to target you specifically with the kind of manipulative effort that previously would involve teams of people working around the clock to derive methods for influencing a single target. But it will be doing it on mass-scale, putting that same kind of effort into influencing millions and millions simultaneously.
And we all have vulnerabilities. The more invulnerable you think you are, the more likely you are to be subtly shifted by long-term, 3-dimensional tactics for changing the way you think and feel. Be it the way you think and feel about the latest flavor of PRIME energy drink, to how you think and feel about genocide.
We have to get off the fucking internet.
We and our
908partners store and access personal data, like browsing data or unique identifiers, on your device.Absolutely, we need a Reject All button!
And it should include this mysterious ‘legitimate interest’, or whatever it is called - always on by default in ‘my choices’, even though no one seems to be able to explain what this means. How can I make an informed consent on something that vague?
On the other hand, not ‘Reject All’, but ‘Reject All except functionally necessary’ (which should be precisely regulated by the law), otherwise there will be no cookie to remember our ‘reject all’ choice, which I am sure the corpos would happily use do discourage us from clicking that.
Okay, so I’m going to copy-paste an answer I got from someone I know who works in a legal department:
Basically, Legitimate Interest lets them track you as if you clicked Accept All, then subsequently they can decide if they think you would benefit from the tracking by their own metrics, which includes things like targeted advertisting which, of course, they do. So “Legitimite Interest” really means “Reject, But Actually Accept”.
That is what I always suspected and why I take my time to uncheck all these.
Rejecting cookies without asking every time requires a cookie and that is clearly legitimate interest. The problem with legitimate interest is that it’s not well defined enough and then you have companies claiming that Adsense personalization is an absolute necessity for their website.
But that would be cookie for the website I am visiting, not for a dozen of ‘partners’. And these are the ‘legitimate interest’ on-by-default switches I am talking about.
That’s were the ambiguity comes into play. The laws related to cookies want to allow things like cookies for fraud prevention and antibot protection, the problem starts when the business people say the personalised ad revenue makes it legitimate and the developers and product managers decide that having a bazillion trackers making their job a little easier makes it absolutely essential.
That shit makes me so mad. What the fuck is legitimate interest if not the cookies which are set anyway to make the site function It’s just purposefully misleading.
It’s basicallly just a label they beed to slap to suddenly be avle to circumvent some forms of non-consent. There’s also overriding legitimate interest (just as vague btw so it covers everything).
In other words, legitimate interest is a form of rape (what with the circumcenting consent and all)
I’m sure “functionally necessary” already means we share your data with everyone because we setup a system where the local page state is managed by third parties that we are selling your data to.
the “functionally necessary” cookies, which are served by the site itself (e.g. not a third party), do not require a banner at all. if you have no third party cookies, you can do entirely without it.
deleted by creator
I have also seen on some websites that you have to pay them through subscription if you want to reject all cookies
Pretty sure that’s illegal AF. Report them?
Will do when I encounter any more
Literally saw one with 1300+ the other day, thought I was going insane 😳
Have to individually reject each and every fucking “partner.”
The kind of stupid shit societies have to invest money in. Don’t get me wrong, it’s good news, it’s just baffling that money had to be invested in order to get these bastards to do the civil thing.
‘its baffling in a capitalist society, corporations do everything they can to squeeze the most money out of their users with zero regard for the users wants or needs, and do whatever they can to skirt legal obligations that protect consumer privacy and security’
Yeah. I’m baffled.
A disgusting behavior that I’ve seen in Spain is for websites to direct you to their subscription page if you say you don’t want to be tracked, either you pay for the content or you don’t get any content. Apparently the Spanish courts have deemed this legal.
If you use uBlock Origin, add the following rule:
* privacy-center.org * blockThis kills 99 % of the “accept or pay” modals, an you can still access the page normally.
Make it opt-in where you must purposely click somewhere. And just hide that away where they have their unsubscribe button.
afaik the wording of the gdpr says that rejection must be as easy as acceptance
Not just “as easy” but “at least as easy”. The assumption should be that the user does not consent. And there have also been a few cases where the courts have - quite rightly - rules that “pay for privacy” offers aren’t good enough.
i thought the pay or consent stuff was DMA though?
It is opt-in, if you don’t choose any option on the banner it’s the same as choosing reject all. So, the best option is uBlock Origin with the “Cookie notices” filters enabled.
Heh
Heise Group, you greedy cocks.
Here’s a version of that article that doesn’t deliberately
breakskirt as far as legally possible EU privacy law: https://archive.ph/ZTt3KHeise is not breaking EU law with this. The law states that there must be an option to reject all cookies, whether it’s a paid option or not is up to the site.
This is no longer true thanks to a ruling by the European Data Protection Board.Hang on, I was misreading. I believe there’s been a recent ruling, but this one ain’t it.
EDIT: See pages 39 and 40.
Here, it seems as though no “equivalent alternative” is provided under these criteria. It seems to me like consent-or-pay is heading toward an eventual ban, but Heise makes it clear on their website you can consent, pay, or leave – i.e. not an “equivalent alternative” to my mind.
EDIT 2: Okay, upon reading these criteria further, it seems like this isn’t a violation of EU law but that it’s reaaaally close and that the EDPB really hates consent-or-pay as a loophole and wants it to die as soon as possible. If not breaking the law, it’s still an ethical nightmare, so the first line of my comment stands: “Heise Group, you greedy cocks.”
so the first line of my comment stands: “Heise Group, you greedy cocks.”
Fair enough :D
Fuck you pieces of shit.
Go track this:
I usually just do this:
:max_bytes(150000):strip_icc()/Minimize-Concept-Buttons-3fa9d8fe7b634802bc5de955a0092b2f.jpg)
Cookie banners need to piss off forever. You may set some functional cookies only if I log in.
what about color scheme cookies?
You may set some functional cookies only if I log in.
No one cares about that
websites should be allowed fun and whimsy
I recently started to use “I still don’t care about cookies”. So far so good.
The issue about that extension is this:
When it’s needed for the website to work properly, it will automatically accept the cookie policy for you (sometimes it will accept all and sometimes only necessary cookie categories, depending on what’s easier to do).
It will often just accept the cookies as is.
This and Consent-o-matic
A friend of a friends relative’s 2nd cousin mentioned that pornography sites have been surprisingly compliant about this, already.
