> “cookie consent” pop-ups are stupid and pointless. Pop-ups do not improve privacy, and they make the web worse.
GDPR is not about cookies or consent popups. Even the previous directive from 2011, known as the "cookie law", wasn't about cookies or consent popups.
Both laws are about tracking (GDPR also covers personal data in a broader sense).
Developers are completely free to use cookies, or any other technology, in order to implement their sites. GDPR and the "cookie law" don't care about that.
What they do care about is the purpose of what's been implemented. If it's something that the user wanted, by virtue of visiting the site, e.g. the ecommerce features of an online shop, then that's fine. Use cookies for your shopping carts, use local storage for your word processor's undo, use Flash supercookies for your game's high scores, whatever.
If the functionality is not something that the user wanted, i.e. they could achieve what they want (buying stuff, editing documents, playing a game) without that functionality, then that functionality is forbidden to use personal data (like tracking the user's activity) unless explicit opt-in consent is given. Again, it doesn't matter how that functionality is implemented: 1x1 images, iframes, local storage, browser fingerprinting, or cookies.
If you find cookie consent popups annoying, don't blame GDPR, the EU, etc. Blame the site, since either:
- It doesn't need to ask, since its functionality is wanted by the user.
- The developers wanted to do shady stuff so much, that they were willing to ruin their site's UX.
That doesn’t seem to be how it’s been interpreted by much of the web, unfortunately.
Even respectable sites that I’m pretty sure aren’t doing “shady stuff” with data, like the BBC, make us suffer through multiple “consent” pop-ups. One particular BBC site I use requires clicking though 3 pop-ups before you can use the damn thing. It’s ridiculous.
If it was really meant the way you interpret it, then the law should have been more clearly written. As it stands, it seems everyone is so paranoid about it that they implement popups by default.
> That doesn’t seem to be how it’s been interpreted by much of the web, unfortunately.
Yes, I find this really frustrating too :(
> As it stands, it seems everyone is so paranoid about it that they implement popups by default.
I implemented compliance with the first "cookie law" at two different companies. At the first, all we changed was making the login screen's "remember me" tick box off by default. At the second, our sites were full of trackers, which the marketing department didn't want to remove, so I had to add popups.
I think companies are so used to tracking as much as possible, that they don't see any value in avoiding it; hence they're willing to absorb the cost of poorer UX (especially since they're not alone).
I don't know if this situation will change. It's certainly possible, e.g. if we treat data as a liability rather than an asset (which I've seen mentioned here a few times, in the wake of data breaches). I have no idea how it will play out, but at least things like GDPR are making spying more painful and costly, even if only a little bit.
Why? If I'm a site owner that wants to track where you come from and where you're going, even within my own site, then I have the right to ask you to gtfo if you don't like it.
Those are not evidence of a bankrupted economy. Yes, the pound has tanked, and yet strangely the economy is not bankrupt. You're entitled to believe a thing may come to pass, but don't be under the illusion it either has (it objectively has not) or definitely will (it probably won't)
