“Do Not Track” is a legally binding order, German Court tells LinkedIn::Landgericht Berlin gibt Klage des vzbv gegen die LinkedIn Ireland Unlimited Company weitgehend statt
GDPR was designed around the “Do not Track” browser flag, so that websites can get a semblance of consent using those annoying cookie prompts, with dark patterns like hiding the “Decline All cookies” inside the second page of the prompt, or using very small fonts and gray colors + very confusing language. and they have carried on with complete impunity for 5 years now.
Luckily in Germany the law states that at least the “Decline all cookies” button has to be in the same place as the “Accept all cookies” one. So at least the local sites are kind of easy to navigate.
Only problem at the moment are “Accept all cookies or buy a subscription” banners. But as far as I know the courts are inclined to side with the customers on this one as well.
I mean, most companies still don’t abide by it tho. There’s lots of sites where you can accept all cookies or you have to jump through a few hoops to decline the non essential ones.
Am I supposed to trust the company to correctly define ‘essential?’ Seems easy to weasel around and makes me nervous.
It’s almost certainly going to be litigated at some point, so a court is going to define “essential”… eventually.
I just open any site with one of those cookie-banners in a private window so that any cookie it creates will be deleted as soon as the window is closed.
Totally. If we’re going make real change with this we need hard enforcement that says “you must provide a default setting that can be set per browser” or something that avoids the entire need for sifting through their cookie menu to find out I left one turned on. But this is peak example of ineffective laws to govern the internet made by people who don’t have any experience in computer science. I’m sure we will continue to see “do not track is just a suggestion” messages continuously. Or the requirement for each individual website to specify what type of tracking in absurd detail.
Oh, I hope this goes to higher courts and cascades down to be an alternative to the stupid cookie banners.
Also, what exactly are “essential cookies”? Why does the website get to decide if they are essential?
To be fair, some websites do need certain cookies to function correctly. As a random example, if a user goes to their bank’s website, they’re more than likely not going to know what to enable/disable cookie wise so that the website is still functional for logging into their account. So I can understand lumping those actual essential cookies into one category in those instances. However, I agree that it’s almost certainly being abused.
Probably worth noting: Only things like non essential third party cookies need consent. Essential cookies for things like the users active session that are not shared don’t need a cookie banner.
Source: gdpr.eu/cookies
Yeah. And sites are still more than happy to show those in the popup, just to muddy the waters and make it more complicated than it needs to be. Same with “legitimate interests”.
And sites are still more than happy to show those in the popup, just to muddy the waters and make it more complicated than it needs to be.
As far as I see it, displaying information regarding strictly necessary cookies that do not require consent is good practice.
The website linked above states that “While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user.”
I think the complicated part is mostly the deliberately bad UI that is often used for cookie banners. They purposefully use a bad layout and color scheme in an attempt to push the user to just click “Accept all”. As far as I understand if a websites only had strictly necessary cookies then I think they wouldn’t even need a cookie popup in the first place though and could simply list this information on a separate “Privacy Policy” page or such.
