An aside - I loved the simplicity of the "do you accept our cookies" banner - it just has two buttons "accept" and "decline". Every other design is evil.
these banners are the BANE of the internet. Just block cookies yourself if you don't want them used. And if someone wants to track / fingerprint you their are myriad ways to do so. Why people love pushing these absolutely crazy interactions I don't get - it makes you realize how clueless and/or out of touch privacy advocates sometimes are.
My city website has so many popups / popover you have to accept EVERY single time you visit it is not usable on mobile. Accept / decline I don't care on cookies. And many websites just bump you off the website if you don't accept.
I'm serious - when you have ISPs selling your browsing history, addins and trackers and website profile tools live capturing your every mouse movement, are cookies the great evil of the internet that must drive a billion (?) click on "accept" every day?
My own solution - allow for an "I accept cookies" header - you set it ONCE on your browser and people owe you $100 if they show you a cookie popup. Now THAT would be a law I could get behind!
The current implementation is malicious compliance. The intent was to stop so many cookies being put on your computer without realising it or without reason.
I feel it is very dangerous to encourage us to accept clicking on things as the norm. The windows virus era taught us that was a very bad idea and now we have to click on nearly every website and accept things due to GDPR. This part of GDPR was really silly and a step backwards.
You can blame so much of it on the broken GDPR law. If you run a website, you have to put up a cookie banner. It does nothing - practically everyone just clicks accept.
Lawmakers are living in some imaginary universe where consumers read the terms and conditions of every website they visit. Their privacy laws are seriously out of touch. Or maybe they're designed purposefully to be that way.
I seem to recall this actually being a common but incorrect take on the cookie banner, my understanding is that no cookie prompt is necessary for basic site functionality (passing data between pages, user preferences, etc.). And actually a banner is only needed when the cookie use case is user tracking or could be used as such i.e could identify a unique visitor.
So most sites could choose to give up analytics (altough tbh the most important metrics would still be fine like daily page hit count, etc.) but it's easier to add the banner and blame GDPR.
But perhaps, once a company is a certain size their legal department just screams all day about needing a cookie banner? Also very possible.
GDPR has little to do with the cookie pop ups, which predate it. In any case, the cookie law allows essential cookies (Login, shopping cart etc) without consent (and GDPR allows data that is necessary for operation eg collecting your address to ship a product).
No, you don't have to put up a cookie banner if the cookies are essential to your website. For example, to handle logins or purchases.
If you include non-essential cookies (like, for example, tracking cookies set by two or three hundred advertisers), you must ask the user for their consent. The site must have "decline all" as the default option, and should continue to provide basic functionality when the user declines.
All the banners that don't have the opt-out option or making it difficult to opt-out willfully break the law.
You run a free website that survives based on advertising. This is essential for the website to continue to be viable. Are cookies essential then?
You run a shopping cart. As part of your fraud detection you put a fraud cookie beacon on every page. Is the fraud beacon essential?
As part of your product development / ab testing etc you track users on your website. Is this essential?
For affiliate link fraud control third parties want to have a cookie on your site that leads through to their clickthrough link. Essential?
Reality - you need to stick up a cookie banner to operate a website or get into long complicated legal arguments and face big liability. And that's what folks do, including practically every government agency.
This is illegal. You should have the opportunity to review the details and to cherry pick.
As a European profoundly attached to privacy and whatnot I think that there should be a special place in hell for the useless consultants and politicians who came up with this idiotic cookie law.
The best banner experience is to use "I don't care about cookies" (https://www.i-dont-care-about-cookies.eu/), and then simply block the cookies you don't want. I didn't even realize that this website had a "cookie banner".
Probably because if they can't give you a cookie then they have to give you a cookie warning on every page you hit. That's fine for sites where you are just reading an article and then leaving. I really find the whole thing so annoying and wish sites would just ignore that rule or allow a default-on setting in the browser that lets the vast majority of people who don't care about cookies one way or the other just default it to accept.
Actually the GDPR says this is what is legal. Two Buttons with equal accessibility for agreeing to the use of cookies or not. A single "accept" is unlawful. A submenu to select which cookies to block one by one is unlawful. A loading screen while "saving your preferences" is not just unlawful but you deserve to be whipped in public for creating that monstrosity.
Yeah! And this is the only legit way to do it if you actually follow GDPR. It has to be just as simple and easy to opt out as it is to opt in. But unfortunately most sites that rely on surveillance don't want to give an easy way to opt out.
I think the real answer is more banal than that: most sites just installed the first Wordpress/Drupal cookie banner plugin they could find, maybe themed it a little, and called it good.
Also, most sites would rather you accept cookies than not do so, that's why they're giving them to you. But I don't think most websites rely on surveillance in any meaningful way, the landscape is just guided by the ones that do.
There may be some like that. But studies have proven that 90%+ people say no to tracking when given a fair chance. So any site that monetizes with personalized advertising banners (or any site that uses tracking such as pixels for marketing purposes) doesn't want to give that fair chance as they would lose out on what they can do now.
