probably some silly thing like "people should have more rights and protections"
Rights and protections that have benefited heavily from an economy built on the alliance with the US.
If it weren't for American help and trade post-WW2, Europe would be a Belarusian backwater and is fast heading back in that direction.
Countries like Greece, Italy, Spain, Portugal, etc. show the future of Europe as it slowly stagnates and becomes a museum that can't feed it's people.
Even Germany that was once excelling is now collapsing economically.
The only bright spot on the continent right now is Poland who are, shocker, much less regulatorily strict and have lower corporate taxes.
> Countries like Greece, Italy, Spain, Portugal
PIGS, really? Some of the top growing EU economies right now, which have turned their deficit around, show the future of a slowly stagnating Europe?
A 200B economy growing 2% is the future of the EU? Yes that is the point I am making.
I've yet to find any rights and protections in these cookie banners.
The cookie banners are corps trying to circumvent the rights and protections. If they actually went by the spirit of the protections, the cookie banners wouldn't be needed. Your ire is misdirected.
Are you sure?
The ePrivacy Directive requires a (GDPR-level) consent for just placing the cookie, unless it's strictly necessary for the provision of the “service”. The way EU regulators interpret this, even web analytics falls outside the necessity exception and therefore requires consent.
So as long as the user doesn't and/or is not able to automatically signal consent (or non-consent) eg via general browser-level settings, how can you obtain it without trying to get it from the user on a per-site basis somehow? (And no, DNT doesn't help since it's an opt-out, not an opt-in mechanism.)
Everyone I know of will try to click "reject all unnecessary cookies", and you don't need the dialog for the necessary ones. You can therefore simply remove the dialog and the tracking, simplifying your code and improving your users' experience. Can tracking the fraction which misclicks even give some useful data?
My point was that according to the current interpretation, if they rely on cookies, user analytics (even simple visitor stats where no personal data is actually processed) are not considered "necessary" and are therefore not exempt from the cookie consent obligation under the ePrivacy Directive. The reason why personal data processing is irrelevant is that the cookie consent requirement itself is based on the pre-GDPR ePrivacy Directive which requires, as a rule, consent merely for saving cookies on the client device (subject to some exceptions, including the one discussed).
So you need a consent for all but the most crucial cookies without which the site/service wouldn't be able to function, like session cookies for managing signed-in state etc.
(The reason why you started to see consent banners really only after GDPR came to force is at least in part due to the fact that the ePrivacy Directive refers to the Data Protection Directive (DPD) for the standard of consent, and after DPD was replaced by GDPR, the arguably more stringent GDPR consent standard was applied, making it unfeasible to rely on some concept of implied consent or the like.)
User analytics that require cookies, sounds like tracking to me.
> like session cookies for managing signed-in state etc.
Maybe I'm reading it wrong, but are you saying that consent is required for session cookies? Because that is not the case, at all.
> (25) However, such devices, for instance so-called "cookies", can be a legitimate and useful tool, for example, in analysing the effectiveness of website design and advertising, and in verifying the identity of users engaged in on-line transactions. Where such devices, for instance cookies, are intended for a legitimate purpose, such as to facilitate the provision of information society services, their use should be allowed on condition that users are provided with clear and precise information in accordance with Directive 95/46/EC about the purposes of cookies or similar devices so as to ensure that users are made aware of information being placed on the terminal equipment they are using. Users should have the opportunity to refuse to have a cookie or similar device stored on their terminal equipment. This is particularly important where users other than the original user have access to the terminal equipment and thereby to any data containing privacy-sensitive information stored on such equipment. Information and the right to refuse may be offered once for the use of various devices to be installed on the user's terminal equipment during the same connection and also covering any further use that may be made of those devices during subsequent connections. The methods for giving information, offering a right to refuse or requesting consent should be made as user-friendly as possible. Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device, if it is used for a legitimate purpose.
https://eur-lex.europa.eu/eli/dir/2002/58/oj/eng
You should inform users about any private data you would be storing in a cookie. But this can be a small infobox on your page with no button.
When storing other type of information, the "cookie" problem needs to be seen from the perspective of shared devices. You know, the times before, when you might forget to log out at an internet cafe or clear your cookies containing password and other things they shouldn't. This is a dated approach at looking at the problem (most people have their own computing devices today, their phone), but still applicable (classrooms, and family shared devices).
there are analytics providers that don't require third party cookies, it's not hard to switch
The cookie consent provision under the ePrivacy Directive doesn't care whether they're first- or third-party. Actually, the way it's been worded, you'd arguably need a consent for (strictly non-"necessary") use of eg local storage, too — afaik this hasn't really come up in regulatory practice or case law, but may be more due to regulators' modest technical expertise or priorities.
A conceptually different matter altogether is consent (possibly) needed under GDPR for various kinds of personal data processing involving the use of cookies (ie not just the placement of cookies as such) and other technologies for tracking, targeting and the like. That's why you see cookie banners with detailed purposes and eg massive lists of vendors (since they can be considered "recipients" of the user's personal data under GDPR). In this context, a valid consent (and the information you have to provide to obtain it) is required (at least) when consent is the only feasible legal basis of the ones available under Art 6 GDPR for the personal data processing activities in question. This is where the national regulators have taken strict stances especially regarding ad targeting and other activities usually involving cross-site tracking, for example, deeming that the only feasible basis for those activities would be consent (ie "opt-in") — instead of, in particular, "legitimate interests" which would enable opt-out-like mechanisms instead. This is the legal context of looking critically at 3rd-party cookies, but unfortunately, for the reasons mentioned above, getting rid of such cookies might still not be enough to avoid the minimal base cookie consent requirement when you use eg analytics... :(
It's pretty ridiculous, I know, and it's a bummer they scrapped the long-planned and -negotiated ePrivacy Regulation which was meant to replace the old ePrivacy Directive and, among other things, update the weird old cookie consent provision.
As you said yourself, analytics are not necessary.
It's corpos trying to invade our privacy.
cookie banners are malicious compliance while we head towards the death of cross-site cookies, they are indeed a poor implementation but the legislation that lead to them did not come up with it
did you really prefer when companies were selling your data to third parties and didn't have to ask you?
Do you really think clicking "Reject non-essential cookies" does something?
EU regulation is often "you can not have the cool thing" not "the cool thing must be operated equitably".
I think they are more interested in protecting old money than in protecting people.
EU never just states "you can not have the cool thing". Please provide an example if you disagree.
It is very hard to create policies and legislation that protects consumers, workers and privacy while also giving enough liberties for innovation. These are difficult but important trade-offs.
I'm glad there is diversity in cultures and values between the US, EU and Asia.
I think usb-c and third party app stores are pretty cool
I think the government shouldn't be legislating that companies must use a specific USB connector.
Realistically the legislation was only targeting Apple. If consumers want USB-C, then they can vote with their wallets and buy an Android, which is a reasonable alternative.
It used to be the case in Europe that you couldn't use a washing machine made for Sweden in Norway. Everything was different. Every country had its own standards too, which had to certify your products. It was openly for protectionistic reasons.
EU got rid of that. It only makes sense that they don't let private companies start all that crap up again. If states don't get to use artificial technological barriers as protectionism, certainly Apple shouldn't be allowed to either.
They shouldn't be forcing people to use patented Qualcomm technology to access cellular networks either but here we are.
Realistically Apple's connector adds no value and if they want to sell into markets like the EU they need to cut that kind of thing out.
> Realistically Apple's connector adds no value
Like I said, usb-c is a regression from lightning in multiple ways.
* Lightning is easier to plug in.
* Lightning is a physically smaller connector.
* USB-C is a much more mechanically complex port. Instead of a boss in a slot, you have a boss with a slot plugging into a slot in a boss.
There was so much buzz around Apple no longer including a wall wort with its phones, which meant an added cost for the consumer, and potentially an increased environmental impact if enough people were going to say, order a wall wort online and shipped to them. The same logic applies to Apple forced to switch to USB, except that the costs are now multiplied.
Having owned both lighting and USB-C iPhones/iPads, I prefer the USB-C experience, but neither were that bad.
My personal biggest gripe with lightning was that the spring contacts were in the port instead of the cable, and when they wore out you had to replace the phone instead of the cable. The lightning port was not replaceable. In practice I may end up breaking more USB-C ports, we'll see.
I've worked with thousands of both types of cable at this point
> Lightning is easier to plug in.
according to you? neither are at all difficult
> Lightning is a physically smaller connector.
I've had lightning cables physically disassemble in the port, the size also made them somewhat delicate
> USB-C is a much more mechanically complex port.
much is a bit well, much... they're both incredibly simple mechanically — the exposed contacts made lightning more prone to damage
I've had multiple Apple devices fail because of port wear on the device. Haven't encountered this yet with usb-c
> The same logic applies to Apple forced to switch to USB, except that the costs are now multiplied.
Apple would have updated inevitably, as they did in the past — now at least they're on a standard... the long-term waste reduction is very likely worth the switch (because again, without the standard they'd have likely switched to another proprietary implementation)
It's hard to see the benefit in letting every hardware manufacturer attempt to carve out their own little artificial interconnect monopoly and flood the market with redundant, wasteful solutions.
We've had multiple USB standards for decades with no end in sight. Apple was targeted because they have the most high-profile proprietary connector and they were generally using it to screw consumers. Good riddance.
Like I said, if consumers don't want it, then they can buy Android phones instead.
> they were generally using it to screw consumers
You understand that there were lots of people happy with Lightning? USB-C is a regression in many ways.
I want to have USB-C and I want to have iPhone.
I’m very happy EU regulators took this headache off my shoulders and I don’t need to keep multiple chargers at home, and can be almost certain I can find a charger in restaurant if I need it.
Based on the reaction of my friends 90% of people supported this change and were very enthusiastic about it.
I have zero interest in being part of vendor game to lock me in.
Products are supposed to come with different tradeoffs. I want to have an Android and I want to have my headphone jack back. That doesn't mean that the EU should make that a law.
> Based on the reaction of my friends 90% of people supported this change and were very enthusiastic about it.
That is an absolutely worthless metric, and you know it.
Why bother arguing the point if you're not going to provide a single example.
Can you name specific examples? Otherwise, this just sounds like inflammatory polemic.