The “Accept all” button is often the standard for cookie banners. An administrative court has ruled that the opposite offer is also necessary.
Lower Saxony’s data protection officer Denis Lehmkemper can report a legal victory in his long-standing battle against manipulatively designed cookie banners. The Hanover Administrative Court has confirmed his legal opinion in a judgment of March 19 that has only just been made public: Accordingly, website operators must offer a clearly visible “reject all” button on the first level of the corresponding banner for cookie consent requests if there is also the frequently found “accept all” option. Accordingly, cookie banners must not be specifically designed to encourage users to click on consent and must not prevent them from rejecting the controversial browser files.
Also, require its html tag to have an attribute “data-legal-reject” or something like that so we can have browsers auto reject all that shit - while keeping necessary ones.
Better yet, attach this at the protocol level. “X-Cookie-Policy: ImportantOnly” or something like that.
Yeah, there’s no reason why this should be anywhere except the browser level.
Just a bunch of idiots that have no idea how shit works.
If they can reject all, but can’t stay logged in after trying to navigate the site, whose fault is that?
but I can already hear, but you can work around that
Guess what? The workaround is tracking. We’re just re-inventing cookies.
This is about the option to reject cookies, not getting rid of them.
The irony made me exhale a burst of air from my nose before closing the page, never to return.
Basically every cookie acceptance agreement popup is just a 404 to me. No webpage has important enough information anymore for me to sign any kind of agreement. It’s absurd. If you passed by a shop and wanted to go in and purchase something, but a clerk stopped you at the door and made you sign a fucking agreement, that store would die in a month.
Can we ban the “Pay to have privacy” option as well?
Fuck every site that tries to pull that shit.
Whatever notions of privacy we used to have are all going to crumble as the newest AI tools come online for prying open people’s profiles and predicting their behavior, their locations, their personal habits and spending, their health and family and relationship statuses, simply by analyzing a few patterns in your search terms and cookies.
From that information, these same monsters are going to be able to target you specifically with the kind of manipulative effort that previously would involve teams of people working around the clock to derive methods for influencing a single target. But it will be doing it on mass-scale, putting that same kind of effort into influencing millions and millions simultaneously.
And we all have vulnerabilities. The more invulnerable you think you are, the more likely you are to be subtly shifted by long-term, 3-dimensional tactics for changing the way you think and feel. Be it the way you think and feel about the latest flavor of PRIME energy drink, to how you think and feel about genocide.
We have to get off the fucking internet.
Pay or OK is banned.
It’s not banned. Meta isn’t allowed to use that option, because it has monopoly power. I.e., in the view of the court, you can’t avoid using Meta. For any ordinary site, there is always the option to refuse either and leave.
The scope of this opinion is indeed limited to the implementation by large online platforms (which are defined for the purposes of this opinion)
Make it opt-in where you must purposely click somewhere. And just hide that away where they have their unsubscribe button.
It is opt-in, if you don’t choose any option on the banner it’s the same as choosing reject all. So, the best option is uBlock Origin with the “Cookie notices” filters enabled.
afaik the wording of the gdpr says that rejection must be as easy as acceptance
Not just “as easy” but “at least as easy”. The assumption should be that the user does not consent. And there have also been a few cases where the courts have - quite rightly - ruled that “pay for privacy” offers aren’t good enough.
i thought the pay or consent stuff was DMA though?
A disgusting behavior that I’ve seen in Spain is for websites to direct you to their subscription page if you say you don’t want to be tracked, either you pay for the content or you don’t get any content. Apparently the Spanish courts have deemed this legal.
If you use uBlock Origin, add the following rule:
* privacy-center.org * block
This kills 99 % of the “accept or pay” modals, and you can still access the page normally.
The kind of stupid shit societies have to invest money in. Don’t get me wrong, it’s good news, it’s just baffling that money had to be invested in order to get these bastards to do the civil thing.
‘it’s baffling in a capitalist society, corporations do everything they can to squeeze the most money out of their users with zero regard for the users’ wants or needs, and do whatever they can to skirt legal obligations that protect consumer privacy and security’
Yeah. I’m baffled.
We and our 908 partners store and access personal data, like browsing data or unique identifiers, on your device.
Absolutely, we need a Reject All button!
And it should include this mysterious ‘legitimate interest’, or whatever it is called - always on by default in ‘my choices’, even though no one seems to be able to explain what this means. How can I make an informed consent on something that vague?
On the other hand, not ‘Reject All’, but ‘Reject All except functionally necessary’ (which should be precisely regulated by the law), otherwise there will be no cookie to remember our ‘reject all’ choice, which I am sure the corpos would happily use to discourage us from clicking that.
Okay, so I’m going to copy-paste an answer I got from someone I know who works in a legal department:
Basically, Legitimate Interest lets them track you as if you clicked Accept All, then subsequently they can decide if they think you would benefit from the tracking by their own metrics, which includes things like targeted advertising which, of course, they do. So “Legitimate Interest” really means “Reject, But Actually Accept”.
Rejecting cookies without asking every time requires a cookie and that is clearly legitimate interest. The problem with legitimate interest is that it’s not well defined enough and then you have companies claiming that Adsense personalization is an absolute necessity for their website.
But that would be cookie for the website I am visiting, not for a dozen of ‘partners’. And these are the ‘legitimate interest’ on-by-default switches I am talking about.
That’s where the ambiguity comes into play. The laws related to cookies want to allow things like cookies for fraud prevention and antibot protection, the problem starts when the business people say the personalised ad revenue makes it legitimate and the developers and product managers decide that having a bazillion trackers making their job a little easier makes it absolutely essential.
That shit makes me so mad. What the fuck is legitimate interest if not the cookies which are set anyway to make the site function? It’s just purposefully misleading.
I’m sure “functionally necessary” already means we share your data with everyone because we set up a system where the local page state is managed by third parties that we are selling your data to.
the “functionally necessary” cookies, which are served by the site itself (e.g. not a third party), do not require a banner at all. if you have no third party cookies, you can do entirely without it.
I have also seen on some websites that you have to pay them through subscription if you want to reject all cookies
Pretty sure that’s illegal AF. Report them?
Will do when I encounter any more
Literally saw one with 1300+ the other day, thought I was going insane 😳
Have to individually reject each and every fucking “partner.”
Cookie banners need to piss off forever. You may set some functional cookies only if I log in.
what about color scheme cookies?
You may set some functional cookies only if I log in.
No one cares about that
websites should be allowed fun and whimsy
Another layer of annoying on a massively stupid piece of legislation that has made the internet immeasurably worse for everyone.
These preferences should be settable in the browser, transferred during http* connection and honoured by every single website you use.
Any changes that marketeers come up with should be ratified in the same way that changes to internet protocols are, and if the browser doesn’t support them yet, they are assumed “do not”.
How is this a problem with the legislation? Do you honestly think your privacy was respected before the law demanded that websites tell you about how they violate your privacy?
Web browsers DO have this as a universal setting, Do Not Track, but websites choose to ignore it because it doesn’t benefit them to respect your right to privacy and treat you with the respect due to a functioning adult.
The legislation was a massive win for everyone except the predatory manipulators.
That’s exactly my point.
The legislation, from the start, should have upheld the do not track and similar settings in browsers. Require websites to check and honour those flags.
Instead, we get some half-arsed requirement to add cookie banners to every website under some vague threat of prosecution (which never seems to happen unless you’re a social media giant) that inconveniences every single user, and often more than once.
This here, now, is a tiny bandage on a gaping wound caused by not doing what was required in the first place.
Ah yes, stupid legislation ruined cars, now my entire trip is ruined since I have to buckle up my seatbelt at the beginning of a trip.
I recently started to use “I still don’t care about cookies”. So far so good.
The issue about that extension is this:
When it’s needed for the website to work properly, it will automatically accept the cookie policy for you (sometimes it will accept all and sometimes only necessary cookie categories, depending on what’s easier to do).
It will often just accept the cookies as is.
This and Consent-o-matic
Fuck you pieces of shit.
Go track this:
I usually just do this:
Heh
Heise Group, you greedy cocks.
Here’s a version of that article that doesn’t deliberately break skirt as far as legally possible EU privacy law: https://archive.ph/ZTt3K
Heise is not breaking EU law with this. The law states that there must be an option to reject all cookies, whether it’s a paid option or not is up to the site.
This is no longer true thanks to a ruling by the European Data Protection Board. Hang on, I was misreading. I believe there’s been a recent ruling, but this one ain’t it.
EDIT: See pages 39 and 40.
Here, it seems as though no “equivalent alternative” is provided under these criteria. It seems to me like consent-or-pay is heading toward an eventual ban, but Heise makes it clear on their website you can consent, pay, or leave – i.e. not an “equivalent alternative” to my mind.
EDIT 2: Okay, upon reading these criteria further, it seems like this isn’t a violation of EU law but that it’s reaaaally close and that the EDPB really hates consent-or-pay as a loophole and wants it to die as soon as possible. If not breaking the law, it’s still an ethical nightmare, so the first line of my comment stands: “Heise Group, you greedy cocks.”
so the first line of my comment stands: “Heise Group, you greedy cocks.”
Fair enough :D
A friend of a friend’s relative’s 2nd cousin mentioned that pornography sites have been surprisingly compliant about this, already.
FINALLY! I was wondering how long it’d take for people to act upon the fact that Permission prompts have become THE biggest digital grift. The answer: way too fucking long!