This is bad but I’ve seen worse. One of the bigger networks has a ~20second “processing” stage when you opt out of these, as a punishment for not clicking “accept” (which works instantly)
They chose adhering to the legal requirements over the users, putting them right in the middle of the pack of literally all websites and companies run by more than an individual. You don't have to continue on to their site if you don't wish to.
The popup is, yes. But the legislation they are pretending to be compliant with isn't.
For basic session-level cookies that are essential to the operation of some sites, no legislation requires consent. The issues are third party tracking, long term use stalking, etc. But those that want to stalk you want you to believe that the legislation is against even session maintenance & similar cookies as well so you'll be against the legislation and not them. And that is apparently working on you and some others commenting in this thread.
Unfortunately it's not always reasonably possible to convince the client / legal team that a cookie banner is not needed in such case and the decision makers would rather be sure than care about the UX. Or so I heard.
This is understandable, though it shows a lack of legal understanding which could be worrying from a legal team, as there was a lot of scare-mongering when cookie-and-other-tracking legislation was a significant talking point.
Also, largely due to the same anti-anti-tracking voices making spurious claims of what would happen, some put the warning up not because they think they need to, but to avoid having to argue that they don't need to if a complaint is made.
It might be just them refusing to look into it and covering their asses, because they don't care if there is an unnecessary cookie banner.
But to be fair the stories I have heard were something along the lines of: a freelancer making a website for a local restaurant and being unable to convince the restaurant owner, because the owner's nephew said that the cookie banner must be there.
And you can just not use the website. Then no data is hoovered. I actually think this is probably the best system. It's double opt-in. If you both commit to your sides, you both sign the deal and get what you want. If neither of you wants to do it, you can both just not sign the deal.
The trouble is that popups like this don’t even comply with the relevant legislation. (Which is the ePrivacy Directive after the 2009 amendment, though people largely ignored this part of it until the advent of the GDPR which came into force in 2018. Simplified, ePD says “most cookies must be opt-in”.)
If anything, putting such wildly non-compliant popups should make you more liable to punishment, because it undermines an argument of ignorance.
I suspect if you access the site from an EU IP address you’ll see an option besides “Accept All”. The layout [0] even seems to leave room for where this other button might be.
edit: looking at the code I even see references to a “Reject All” button as well as an XHR request to a geolocation endpoint.
I walked away from the site on first visit due to "accept all" being the only option. Nipped back just to check after seeing your post while checking replies to my earlier comment, and wondering if the site is deliberately treating the UK differently. It turns out only-accept-all is the default and if the geolocation lookup fails (apparently that service is blocked by my pihole, it works if on mobile without home VPN) no reject option is present.
A bit of bad design there, not failing safe, if there intention is to be compliant with stricter laws, because a failure in an external dependency makes the site less compliant.
so apparently they only care about your privacy if you are a citizen of the EU?
And that just brings up the question again: why show the popup to non-EU viewers if the only option is to accept the cookies. It isn't even effective as a form of protest because those viewers have even less influence over EU regulations than EU citizens.
> so apparently they only care about your privacy if you are a citizen of the EU?
No, they care about being minimally compliant and laws vary.
A number of places have legislation that just says "users much opt in" but the EU has legislation that says "users must opt-in, but cannot be forced to opt-in by there being no opt-out option".
They don't care about your privacy at all, no matter where you are, if any claim otherwise is made it is a lie.
I was being sarcastic. I was referring to the fact that the on the EU dialog it said "we care about your privacy", but in the dialog I got in the US it didn't. And was thus implying that despite their claim, they do not care about anyone's privacy.
I recently realized you can bypass cookie auth requests by toggling reader. Led me to wonder what the EU plans on doing to enforce compliance if JavaScript isn’t enabled, for example. Kind of makes the legal obligations of sites more or less impossible to fulfill under some limited circumstances.
There has never been a point to cookie popups, as with most things resulting from technically-illiterate politicians trying to help with technology matters.
Their ideas are at best slightly lower-quality than the results of letting my 2-year-old wash the windows.
On small displays this is otherwise obstructed by a cookie popup that offers only an “accept all” button. What’s even the point of the popup then?