EDIT: I didn't realize the anger this would bring out of people. It was supposed to be a funny meme based on recent real-life situations I've encountered, not an attack on the EU.
I appreciate the effort of the EU cookie laws. The practice of them just doesn't live up to the theory of the law. Shady companies are always going to find a way to be shady.
- This was not about cookies, but processing of personal data and new definitions of such data. Cookies was just an example.
- By those laws, forcing user to consent with denying access to the service is declared illegal.
Not allowing users to access a service at all unless they accept cookies is often against GDPR. See: Can we use 'cookie walls'?.
To quote:
In some circumstances, this approach is inappropriate; for example, where the user or subscriber has no genuine choice but to sign up. This is because the UK GDPR says that consent must be freely given.
If your use of a cookie wall is intended to require, or influence, users to agree to their personal data being used by you or any third parties as a condition of accessing your service, then it is unlikely that user consent is considered valid.
The key is that individuals are provided with a genuine free choice; consent should not be bundled up as a condition of the service unless it is necessary for that service.
These cookie banners often violate all sorts of GDPR rules even more explicitly than this example. For example did you know it's not allowed to have pre-ticked boxes on cookie popups for non-essential cookies?
IIRC the EU also ruled that burying the rejection options under additional links counts as a violation. Hence why Google now has a Reject button next to the accept button. Most sites still do that.
Do you know if there is a EU-wide place to report such behavior?
The biggest privately owned TV channel in my country not only does that, but actually just redirects you to a pdf file if you want to "manage cookies". And it's not like I can submit a complaint on a national level, as the ruling party's website uses google analytics without a cookie notice at all.
I think you report to your nation's Data Protection Centre, each member has their own that takes the reports. If I was still in the EU I would have put more time into finding out how reports work.
Yes this would make sense.
Quote from "What methods can we use to obtain consent?":
If you are asking for consent electronically, consent must be “not unnecessarily disruptive to the use of the service for which it is provided”. You need to ensure you adopt the most user-friendly method you can.
For a website, hiding rejection behind a link should class as "unnecessarily disruptive". If you can provide consent with the press of a single button then rejecting should also be the press of a single button.
I encounter something similar to this often.
There's a lot of cookie banners where "Accept All Cookies" is a single button but in order to reject cookies you have to press a "Manage Cookies" link which will have something similar to a "Reject All Cookies" button in it.
It's very annoying.
Yeah this is very common, I don't know why other people on here are gaslighting like it doesn't happen. It's this way for major sites like YouTube/Twitter/Twitch/etc too. Hell even embedding a YouTube video on a site is violating GDPR. It's a good idea, but needs a version 2.0 patch to fix some exploits.
even worse offenders are the ones with tick boxes for "Legitimate Interest", since legitimate interest is another grounds for processing (just ads freely given consent is one), the fact you got a "tick" box for it makes it NOT legitimate interest within the confines of the GDPR.
it also doesn't matter what technology you use whether its cookies / urls / images / local storage / spy satellites. its solely about how you use the data..
I'm pretty sure breaking your website with no cookies is against the rules, actually. It's either serve the EU with GDPR-compliance or GTFO entirely.
Yeah, you could still just break the law, but as usual there's a cost to that one way or the other.
this. and honestly I wish more websites followed the "serve under gdpr or don't have a European marker". A random blog once wasn't available in the EU because of GDPR. And you know what? It's better than them violating GDPR and the EU doing nothing.
I refuse to go to sites that do this, I also refuse to go to sites that block adblock...and specially the sites that detect and block private browsing, that one shouldn't even be a thing
Sites that block adblock - I have network based filtering I'm not going to take the time to specifically figure out what ad providers you're using (which is probably that same as everyone else) just to unblock your shitty site.
Hilariously, I find the Pi-hole feature "disable for 5 seconds" often works because it'll be down for long enough to load the page but not the ads.
