Comment by Pooge

Comment by Pooge 9 hours ago

4 replies

View on Hacker News

The priority of the GDRP was that you needed your users' consent to process their personal data. The industry answer—cookie banners—is something that the industry created because their tracking incentives were higher than their users' experience.

Do Not Track was a thing since basically forever and the industry willfully chose to ignore it.

If you want to keep using websites that have dark patterns and track you, that's on you. I would argue it's even better than before because at least the average user would notice he's being tracked and the website makes it clear that the user's interests are not aligned with the website's owner.

Blaming it on the lawmakers—which I use as mockery as much as the next guy—is of bad faith, in my opinion.

SpecialistK 9 hours ago

Why is blaming the lawmakers, the only ones who can enact laws governing this, "bad faith"? Bad faith does not mean a decision or opinion you disagree with.

Do Not Track was ignored because there was no legal requirement to. Wikipedia is not the best source, I know, but its first sentence on the "Adoption" section is: "Very few advertising companies actually supported DNT, due to a lack of regulatory or voluntary requirements for its use"

Lack of regulatory requirements. In other words, no government had the smarts or the spine to make it a law. Who is to blame for making the law...? Lawmakers.

"that's on you" is also an absolute cop-out, in my opinion. Lots of things on the internet are illegal, usually for good reason. I don't think I need to list examples. The EU, EU member-states, and other jurisdictions have no problem making horrendous things on the web illegal to host or visit. If data harvesting is bad, explicitly make it illegal.

"The average user would notice he's being tracked" also is the counter-argument to my point - if every site, no matter how banal, has a bar at the bottom with a big blue button that effectively says "yeah whatever go away" then it's ignored. Boy who cried wolf. If this bar only showed up on Meta and Google and Doubleclick ads then maybe it would carry some weight.

I didn't think it was necessary to say, but apparently it is: my criticism of this part of the GDPR is not to invalidate the good work it has done for user rights on the web. Only to note that regulations, no matter how well intentioned (the point of the OP), come with side-effects that were unseen at the time. Don't waste keystrokes defending those unfortunate side effects (while apparently blaming everyone except those with the power to change it) but instead form campaigns and working groups to propose something better and encourage your legislators to adopt it.

Reply View 3 replies
  • Pooge 9 hours ago

    I agree that the GDPR could have gone much further but making data harvesting illegal was never the point—and this is not my opinion.

    Websites could show a small banner that says "hey, we use cookies for targeted advertising; click here to opt in to them" but instead chose to use a full-screen pop-up where you can't even navigate properly if you don't click. Hell, some don't even have an easy to access "Reject all" button—I even wonder if it's legal.

    While I admit cookie banners are a side effect of the GDPR, they only came to be because that's what the industry chose. Claiming that the reason Big Tech did not honor DNT is because there was no legal requirement is true but not the full picture; they ignored it because it is against their advertising incentives.

    GDPR should be even more radical for sure but none of what they enacted was a mistake.

    Reply View 2 replies
    • SpecialistK 8 hours ago

      Cookie law banners are almost never full-screen. They do often impede clicks on a website ("why can't I click? Oh, I'm zoomed in and the cookie banner is below the viewport now") but very few are as outright obtrusive as a screen-dimming "you have an ad blocker!" or "please join our mailing list!" prompts. At least in my experience.

      But that's beside the point. My point (generally) is that what the industry wants is irrelevant. I'm sure many industries would like to pay below minimum wage, or employ children, or deny sick days. It's legislation (and labor unions, but I'm not going down that road right now.) that stops them. Legislators put a stop to all of that because it's bad for people and society beyond that company's bottom line. Governments are the ones who have the tax-collecting, police-enforcing ability and no one else.

      Sites abide by the rules as they're read and the precedent of their enforcement. Maybe the only change that needs to be made is an explicit definition of good vs bad cookie banners. And real enforcement of those rules. That's above my pay grade.

      But I'd like to go back to my original point: regulations being good or bad is in the eye of the beholder. Things that are ultimately good may have annoying effects on the few impacted. Like EV mandates which are great for emissions but deny car enthusiasts their vrooms. Or energy efficient refrigerators which don't have pull-out drawers like American ones did in the 1950s. Or compostable wooden spoons which send shivers down my spine when I put them in my mouth. Often this is a head vs heart distinction, and I accept that.

      The GDPR is not an exception to this, and considering the immense power imbalance between the tech giants and the average person, the only counter we really have are legislators who need to take that responsibility seriously.

      Reply View 1 reply
      • Pooge 8 hours ago

        > Cookie law banners are almost never full-screen. They do often impede clicks on a website ("why can't I click? Oh, I'm zoomed in and the cookie banner is below the viewport now") but very few are as outright obtrusive as a screen-dimming "you have an ad blocker!" or "please join our mailing list!" prompts. At least in my experience.

        At work I—unfortunately—cannot install uBlock Origin on some devices and the few times I need to use that device I have the opposite of your experience. Do you live in the EU?

        I understand your point but GDPR was not here to ban data harvesting. If anything, I'd call cookie banners a win because it exposes bad websites for what they really are: pieces of garbage riddled with dark patterns trying to force you to consent to give your data by profiting off of your lack of attention. I'm not a lawyer, but I'm sure the "Reject optional cookies" option is mandated by law. That's why GDPR was successful within the scope it was given.

        Thinking it was either pop-up banners or nothing is a false dichotomy.

        Reply View 0 replies