Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Let us hope the best. This must have happened already ten years ago.

The EU seem to stopped fighting against misuse of power in IT. Only when a competitor has money fight?

On the other end we have this awful Cookie-Directive. A disaster and misuse is now on even worse.



The Cookie directive being awful for end-users has nothing to do with the EUs actual legislation, it's a case of scummy companies maliciously trying to not comply with it.

The legislation is really good actually; it orders sites that want to place tracking cookies (Google Analytics for example relies on this) to request consent from the user before they're allowed to do so. That's all it requests.

This could easily have been implemented in any number of user-friendly ways - ie. Store one cookie for Google Analytics as a whole that is just "I don't consent", that would have been enough to comply. Just check "did user consent or not". If they didn't, then don't show the popup on any site using Analytics. Problem solved, consent obtained and/or rejected.

The reason it's so obnoxious is because these businesses know that if they start being honest with what's being tracked, they'll lose a shitton of income (Facebook reportedly lost 12 billion just because Apple allowed users to randomize their advertisement ID). They don't want that, so now CJEU has to slowly but surely beat actual compliance into them.

Nowadays you have to have an opt-out option that should be as easy as not opting in (so no more "50 million tracking slider" nonsense), the opt-out option can't be obnoxious to find and click, the opt-in button may not receive extra promotion compared to the opt-out button and so on. The only step that's not yet complied with is that if the user indicates that they just don't want tracking period, then they shouldn't track at all (basically enforcing the good old DNT header).


> The legislation is really good actually; it orders sites that want to place tracking cookies (Google Analytics for example relies on this) to request consent from the user before they're allowed to do so. That's all it requests.

The problem is that “tracking cookies” is defined so broadly that it can be interpreted as nearly any kind of cookie, and risk-averse legal teams want to make sure they have all their bases covered.


Even the EUs own government websites don't implement the cookie directive nicely.


The cookie directive is great. The fact that companies decided to maliciously comply is on them, not the law.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: