Yes, This Site Uses Cookies, Because Nearly All Sites Use Cookies, And We're Notifying You Because We're Told We Have To

from the even-though-it's-silly dept

If you're visiting our site today (and I guess, forever into the future if you don't click "got it") you will now see a notification at the bottom of the site saying that this site uses cookies. Of course, this site uses cookies. Basically any site uses cookies for all sorts of useful non-awful, non-invasive purposes. We use cookies, for example, to track your preferences (including when you turn off ads on the site, which we let you do for free). In order to make sure those ads are gone, or whatever other preferences stay in place, we use cookies.

For the last few years, of course, you've probably seen a bunch of sites pop up boxes "notifying" you that they use cookies. For the most part, this has to do with various completely pointless EU laws and regulations that probably make regulators feel good, but do literally nothing to protect your privacy. Worst are the ones that suggest that by continuing on the site you've made some sort of legal agreement with the site (come on...). These cookie notification pop ups do not help anyone. They don't provide you particularly useful information, and they don't lead you to a place that is more protective of your actual privacy. They just annoy people, and so people ignore them, leave the site, or (most commonly) just "click ok" to get the annoying bar or box out of the way to get to the content they wanted to see in the first place.

Here's the stupendously stupid thing about all of this: you are already in control. If you don't like cookies, your browser gives you quite a lot of control over which ones you keep, and how (and how often) you get rid of them. Some browsers, like Mozilla's Firefox Focus browser, automatically discard cookies as soon as you close a page (it's great for mobile browsing, by the way). Of course, that leads to some issues if you want to remain logged in on certain pages, or to have them remember preferences, but for those you can use a different browser or change various settings. It's nice that the power to handle cookies is very much up to you. We here at Techdirt like it when the control is pushed out to the ends of the network, rather than controlled in the middle.

But, because it makes some privacy regulators feel like they've "done something", they require such a pointless "cookie notification" on sites. Recently, one of our ad providers told us that we, too, needed to include such a cookie notification, or else we'd lose the ability to serve any ads from Google, who (for better or for worse) is one of the major ad providers out there. We did not get a clear explanation for why we absolutely needed to add this annoying notification that doesn't really help anyone, but the pleas were getting more and more desperate, with all sorts of warnings. We even asked if we could just turn off the ads entirely (which would, of course, represent something of a financial hit) and they seemed to indicate that because we still use other types of cookies (again, including cookies to say "don't show this person any ads"), we had to put up the notification anyway.

The last thing we were told is that if we didn't put up a cookie notification within a day, Google would "block us globally." I'm honestly not even sure what this means. But, either way, we're now showing you a cookie notification. It's silly and annoying and I don't think it serves your interests at all. It serves our interests only inasmuch as it gets our partner to stop bugging us. Don't you feel better?

You can click "got it" and make it go away. You can not click it and it will stay. You can block cookies in your browser, or you can leave them. You can toss out your cookies every day or every week (not necessarily a bad practice sometimes). You're in control. But we have to show you the notification, and so we are.

Filed Under: advertising, control, cookie notification, cookies, eu, preferences, privacy, privacy theater, silly pointless regulations, silly regulations
Companies: techdirt


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 21 May 2020 @ 5:48pm

    No Javascript browsing

    So... question.

    Do your cookies land on my computer even when I am using NoScript to block all JavaScript (on virtually ALL sites, so don't feel singled out)?

    If the answer is no, could I ask a modification of your cookie notice? ... that it require JavaScript to cause it to be displayed?

    Or are Google's robots just stupid enough not to be able to make that leap?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 May 2020 @ 7:48pm

      Re: No Javascript browsing

      The Techdirt homepage tries to set a cookie unconditionally when I open it.

      I don't know if it's because I'm blocking cookies or don't have JS enabled, but the "GOT IT" button leads to an infinite redirect loop.

      reply to this | link to this | view in chronology ]

    • icon
      Mike Read (profile), 22 May 2020 @ 2:31am

      Re: No Javascript browsing

      Cookies do not require JavaScript to be set. In fact it's even something of a headache to set a cookie via JavaScript, whereas many server-side languages it's a one-liner.

      So... Your Noscript is almost certainly not blocking cookies.

      Source: Web developer for 10+ years.

      reply to this | link to this | view in chronology ]

    • identicon
      Guy, 22 May 2020 @ 7:56am

      Re: No Javascript browsing

      Cookies are set and sent in HTTP, not Javascript.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 May 2020 @ 5:53pm

    The phrase "got it" is most rude. "Got It!"

    reply to this | link to this | view in chronology ]

    • identicon
      stine, 22 May 2020 @ 4:36pm

      Re: GOT IT

      How about a 2nd button that says "Don't Give A Fuck" because all of the data that can be captured for a cookie can be read out of your servers logs. And if you have a cdn that's in the EU, then you'll need a button that denies you permission to set cookies.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 May 2020 @ 6:06pm

    As a webmaster and web user it's a pointless legislation. As a webmaster I add a bit of code and extend the privacy policy some what. I make sure the consent is placed on the screen in such a way that you can still read the content whether you consent or not.

    As a web user it's a damn pain in the arse (I'm from the UK, so arse). No one looks at the policy that each website has implemented. It just slows my pace around the web and does nothing more. End of.

    reply to this | link to this | view in chronology ]

    • icon
      R.H. (profile), 22 May 2020 @ 9:57pm

      Re:

      There's literally a filter for uBlock Origin that blocks cookie acceptance scripts. I don't know if it accepts them or rejects them by default but, I generally don't see them at all.

      reply to this | link to this | view in chronology ]

    • identicon
      Cerberus, 25 May 2020 @ 8:27pm

      Re:

      What it does do is make everyone aware of how pervasive the use of cookies is, and of privacy as an issue in general. It makes people have a negative association with cookies (cookies = annoying pop-ups). That is the only good thing. Otherwise I agree with you. A new European law is coming that forbids sites from forcing users to accept cookies in order to view the site (except truly functional/necessary cookies, which concept is defined in detail in the regulations). This should help a bit more.

      reply to this | link to this | view in chronology ]

  • icon
    Anonymous Anonymous Coward (profile), 21 May 2020 @ 6:07pm

    Cookie Preferences

    I prefer chocolate chip, or pecan sandies, thank you very much. Though macaroons would do in a pinch. Can you accommodate me, daily? A dozen would do nicely.

    reply to this | link to this | view in chronology ]

    • icon
      Rico R. (profile), 21 May 2020 @ 6:18pm

      Re: Cookie Preferences

      Sorry, Techdirt only offers oatmeal raisin cookies... The flavor no one ever asks for but is always offered, just like the useless cookie notification that I had to dismiss twice!

      reply to this | link to this | view in chronology ]

      • icon
        Anonymous Anonymous Coward (profile), 21 May 2020 @ 6:31pm

        Re: Re: Cookie Preferences

        I don't mind oatmeal raisin, in fact my cardiologist prefers them. Fuck my cardiologist. :-)

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 21 May 2020 @ 8:30pm

        Re: Re: Cookie Preferences

        You got served oatmeal raisin cookies?

        All I got are cow cookies, and they're not very tasty.

        I intend to keep six feet or two metres away from the lot of you until all of this blows over.

        reply to this | link to this | view in chronology ]

  • identicon
    Jamie, 21 May 2020 @ 6:16pm

    You know what? Fuck a bunch of Google and other sites that make arbitrary demands on short time frames.

    I mean, it doesn't cost me anything because I tell Google to go away in my robot.txt already. But these "dance, monkey, dance" demands drive me nuts.

    To the PM who is worried about getting this done by whatever deadline you're afraid will hurt your bonus: I hope you stub your toe.

    reply to this | link to this | view in chronology ]

    • icon
      Anonymous Anonymous Coward (profile), 21 May 2020 @ 6:29pm

      Re:

      You do realize that it is the EU putting pressure on Google to put pressure on everyone else that is causing this, don't you? It is evidenced by the uselessness of other EU edicts, whereby this fall right in line.

      reply to this | link to this | view in chronology ]

      • identicon
        Jamie, 21 May 2020 @ 6:34pm

        Re: Re:

        I'm aware of the legal pressures. But no court in the EU told Google to give small sites 24-hours-or-else-notices.

        See, responsible adults deal with unreasonable demands by sorting things out and trying to do the right thing. And then there's people like this, who make it someone else's problem.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 21 May 2020 @ 7:56pm

        Re: Re:

        You realize the EU doesn't have jurisdiction to determine how Google treats companies based in the US in how they interact with US users visiting their website from the US, right?

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 21 May 2020 @ 8:27pm

          Re: Re: Re:

          The US seems to think their jurisdiction extends worldwide. FATCA is one prime, steaming example... their abuse of trade pacts to dictate copyright law to other countries is another. I doubt that you'll get much sympathy abroad by claiming US sovereignty is in some way being infringed if the US has zero respect for the sovereignty of anyone else.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 21 May 2020 @ 8:35pm

            Re: Re: Re: Re:

            If you or your company benefits from the infrastructure of this country including the postal service, you are expected to pay a percent of your income back to the country to help keep it going for next year. By hiding part of your income in offshore accounts, you are trying to have your cake and eat it too.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 21 May 2020 @ 8:55pm

              Re: Re: Re: Re: Re:

              You're missing the point. FATCA is being applied to dual citizens of other countries while they're living in those other countries. For instance, Canada's leader of Her Majesty's Official Loyal Opposition would be one of many directly in FATCA's crosshairs. Who delivers his mail? CanadaPost.ca - not USPS - so why should he be part of your tax base when he does not live in your country and your government provides him nothing?

              reply to this | link to this | view in chronology ]

              • identicon
                Anonymous Coward, 22 May 2020 @ 5:28am

                BECAUSE! -- WE CAN!

                BECAUSE!

                WE CAN!

                The basic psychology of several major different (meaning not connected) groups is world hate, world dominance, world control, and world slavery under their elitist guidance. The belief that they are exceptional which means that the world should bow down to their expertise.

                The problem comes about just as the German / Russian problem came about in who is going to be in control and whose psychology is going to dominate. The groups violently do not agree on who is going to be in control while they have a confluence of interest in maintaining the (social, financial, political) system.

                For the past 100 years eugenics in one form of another has been the guiding thought pattern of the elitist. Do, believe, and say what we, your superiors, say or OFF with your head. Combine this with the elitist control of government and you have a perfect fascist thought and agenda.

                For a good description read "1984".

                As in "1984" fascist masquerade as communists which leads the unenlightened to believe that the US is a democracy where individual thought counts not realizing the very platforms such as Google, Facebook, Amazon, et are are owned and controlled by the fascists elitist who are screaming that they are communists the loudest.

                When you have a $100 billion(US billion) you have to have this someplace. You can own property - land and money (gold, silver) but they do not produce wealth. You produce wealth by controlling companies.

                Note the word control. Here is an example. The Big W a company (now defunct) once had three classes of stock: Class A and Class B Preferred and Class C Common. Each class of stock elected 1/3 of the board of directors. There was 100,000 class A shares; 10 million class B shares, and 200 million class C shares. Total control equal ownership of 50,001 of class A plus 5 million and 1 shares of class B. This was owned by one individual. And! As far as what the owners of the 200 million shares thought - How was that relevant?

                With 100 Billion multiplied in such a fashion over a number of major companies and their shares owned by foundation and non government agencies you have world control and the New World Order of facist complete total control of the world elitist.

                And as far as the socialist and communists go who cares they have no real power. If they had real power they would be fascists.

                reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 May 2020 @ 6:26pm

    I'mjustheresoIdon'tgetfined.gif

    reply to this | link to this | view in chronology ]

  • icon
    smbryant (profile), 21 May 2020 @ 6:44pm

    This sort of thing makes me want to toss my cookies....

    reply to this | link to this | view in chronology ]

  • icon
    Mononymous Tim (profile), 21 May 2020 @ 7:23pm

    Thanks a lot EU, now I have ANOTHER cookie.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 May 2020 @ 7:30pm

    Can i have a permacookie that makes sure i don't have to click ok again?

    nom nom nom

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 May 2020 @ 7:53pm

      Re:

      The webmaster helpfully gave the annoying position:fixed (ewww!) bar an id of "cookienotice", so you could permanently hide it with a stylesheet. This would work regardless of any cookies you stored, since it would be a purely client side fix to this bit of obnoxiousness.

      I think this should work:

      #cookienotice{ display: none }

      In the meantime, a request to the site master: mind naming and shaming the idiots who pushed you to do this? I find the banners annoying on principle, and I especially hate position:fixed banners because most browsers seem to get stupid when trying to use a full-page scroll jump in conjunction with fixed banners.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 21 May 2020 @ 9:45pm

        Re: Re:

        Actually, i just want the cookie so i can permanently store it while other cookies which do not interest me or which i reject may be deleted.

        Not that css isn't fun sometimes. Bad scripting practices, on the other hand, such as you have mentioned, should be killed with fire.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 May 2020 @ 7:45pm

    Recently, one of our ad providers told us that we, too, needed to include such a cookie notification, or else we'd lose the ability to serve any ads from Google, who (for better or for worse) is one of the major ad providers out there. We did not get a clear explanation for why we absolutely needed to add this annoying notification that doesn't really help anyone, but the pleas were getting more and more desperate, with all sorts of warnings. We even asked if we could just turn off the ads entirely (which would, of course, represent something of a financial hit) and they seemed to indicate that because we still use other types of cookies (again, including cookies to say "don't show this person any ads"), we had to put up the notification anyway.

    Your ad provider told you that their policy requires you to show a cookie notice, even if you cease to do business with them? I guess I haven't "got it".

    Can you stop trying to set cookies until someone tries to customize the site? My browser shows a "set-cookie" header when just opening the Techdirt home page. I hadn't tried to do any of the stuff you said you use cookies for.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 May 2020 @ 7:55pm

    I almost exclusively interpret those cookie notifications as malicious and hide them every time I visit a website instead of click them. I don't understand the legalese but I do understand that I lessen the likelihood of unknowingly entering into a contract adverse to my interests if I NEVER click okay.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 23 May 2020 @ 6:26am

      Re:

      A few sites (though increasingly many) do what the Commission originally intended, giving the choice to accept or reject each cookie along with an explanation of what it is used for (so you can reject everything except session login cookies, for example). The GDPR also requires personal data to be used only for the purpose for which it was ostensibly collected. The guardian was one of the first to do the specific purpose notices as intended, and IEEE does it as well.

      The commission put a requirement to do that in the first draft, but lobbyists got at the bill and watered it down to the pointless notices.

      What would help is putting a requirement to use fixed IDs within a domain so your browser can remember which ones you rejected and automatically reject them in future.

      reply to this | link to this | view in chronology ]

  • identicon
    Glen, 21 May 2020 @ 7:56pm

    I'm trying to decide if I want a sugar cookie with pink frosting or a peanut butter cookie. Both are winners in my book.

    reply to this | link to this | view in chronology ]

  • icon
    sumgai (profile), 21 May 2020 @ 8:01pm

    'Sfunny, I don't see any such notice. Perhaps AdGuard is earning its keep after all.

    The rest of what I have to say is just so much blathering of an old curmudgeon, so I'll get off of your lawn now.....

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 May 2020 @ 8:02pm

    Mike,

    Based on how you wrote your article, it sounds as if the ad provider (rather than Google themselves) said you'd be blacklisted from Google if you didn't put the cookie notification banner. Is this true or am I misreading things?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 May 2020 @ 9:49pm

      Re:

      I think idiots like to escalate things, whether true or not. Maybe they think the G would delist td and then selling adspace on td would be lost. Or maybe just someone trying to be helpful, the way that sometimes goes. Pretty sure you read it correctly.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 21 May 2020 @ 10:14pm

        Re: Re:

        An Ad Provider (that isn't Google) threatening a Google Blacklist is something that should be looked into and reported on.

        reply to this | link to this | view in chronology ]

        • icon
          Mike Masnick (profile), 22 May 2020 @ 1:08am

          Re: Re: Re:

          The ad provider told us that we'd be "blocked on Google globally." We asked for clarification as to what this meant, and we did not get it. Just more urgent pleas to please put up the notice. We've been talking to them for a while trying to get clarification and we've been unable to get any real clarity beyond "this needs to be done." It's been very frustrating.

          And, yes, the immediate reaction of some people is "find a different ad provider." And, we're always on the lookout for a better ad provider, but honestly, every time we experiment with one they're terrible. Our current partner, at least, has done a good job keeping terrible ads off the site (or getting rid of them if any sneak through). Every other provider we've tested promises only good ads, and then immediately fills the site with filth and junk and we have to get rid of them.

          So, yeah, if there's a good ad provider out there, we'd love to go with them. It's just not easy to find.

          Either that or we just get rid of ads altogether, which honestly, I'm tempted to do. Though, that would leave a decent sized hole in our budget.

          reply to this | link to this | view in chronology ]

          • icon
            bhull242 (profile), 22 May 2020 @ 8:20am

            Re: Re: Re: Re:

            Basically, you had to go with the least bad. I hate when anyone has to deal with those sorts of decisions, but what can you do? 🤷‍♂️

            reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 22 May 2020 @ 11:45am

            Re: Re: Re: Re:

            I do understand that conundrum. I'm just curious from what position of influence an ad provider (that isn't Google) gets off on threatening a Google blacklist.

            reply to this | link to this | view in chronology ]

          • icon
            Khym Chanur (profile), 22 May 2020 @ 5:11pm

            Re: Re: Re: Re:

            We've been talking to them for a while trying to get clarification and we've been unable to get any real clarity beyond "this needs to be done." It's been very frustrating.

            A guess: some moronic manager or exec came up with this interpretation of reality and passed it down to all employees. Said manager/exec refuses to ever admit to being wrong, the frontline employees can't tell you "it's because a higher up is being a moron", and the manager/exec won't take calls from clients like you to explain their reasoning.

            reply to this | link to this | view in chronology ]

  • icon
    TKnarr (profile), 21 May 2020 @ 8:20pm

    It's fallout from the abuses. So many entities abused cookies for so many bad things and refused to do anything about user anger or even admit they were doing it that the response turned from "Please stop the abuse." to "We find your terms acceptable." (in response to the abusers' position that allowing even benign cookies without restrictions means having to allow any and all cookies without restriction).

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 May 2020 @ 8:23pm

    I went to the Neiman Marcus site; they left this cookie in my browser cooking.nytimes.com/recipes/9465-the-250-cookie-recipe and billed me two hundred and fifty dollars; now I am bankrupt www.nytimes.com/2020/05/07/business/neiman-marcus-bankruptcy.html and it's all your fault. You'll be hearing from my lawyers...

    reply to this | link to this | view in chronology ]

  • identicon
    Pixelation, 21 May 2020 @ 9:51pm

    This is why I love Ublock

    I right click on annoying pop up banners and hit "block element".
    No more annoying banner. Life is good again.

    reply to this | link to this | view in chronology ]

  • icon
    Ehud Gavron (profile), 21 May 2020 @ 11:46pm

    Cookie?

    Mike, what kind of cookies does your writing staff prefer? I'm assuming you're working from home... if so I'll need that address... but if there's a group of you in an office we're good there.

    Chocolate chip?
    Peanut butter?
    Oatmeal raisin?
    Please don't say M&Ms... those don't ship well in this heat.

    Also how many staffers? I can have those cookies to you on Tuesday.

    Also if you DO NOT WANT THESE COOKIES click "GOT IT".
    :)

    E
    P.S. Can I claim I'm a proud supporter of TechDirt Cookies if you take me up on it?

    reply to this | link to this | view in chronology ]

  • icon
    Federico (profile), 22 May 2020 @ 12:04am

    Misreading of the law on essential cookies

    We use cookies, for example, to track your preferences (including when you turn off ads on the site, which we let you do for free). In order to make sure those ads are gone, or whatever other preferences stay in place, we use cookies.

    This is a bad representation. EU privacy laws do not require a cookie warning for essential cookies, only for the inessential ones.
    https://gdpr.eu/cookies/

    See also the legal basis of processing under GDPR (consent is one out of 6 and tehre are various ways to gain consent):
    https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisa tions/legal-grounds-processing-data/grounds-processing/when-can-personal-data-be-processed_en
    https: //ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/legal-grou nds-processing-data/grounds-processing/when-consent-valid_en

    Techdirt sets a number of cookies for unregistered users, few if any of which appear to be necessary to serve the content:
    https://i.stack.imgur.com/joXty.png

    Practically speaking, if you removed Google Analytics you would have done most of the work. (Or do you also show ads from Google? I'm happy to pay a subscription largely because I refuse to load ads. At the moment you don't seem to be loading any ads but maybe it's just you being suspended by Google Ads.)

    Some passages of the Techdirt privacy policy are a bit dubious:

    Floor64 does not share your personally identifiable information with other organizations for their marketing or promotional uses without your prior express consent. Please be aware, however, that any personally identifiable information that you voluntarily choose to display on Techdirt - such as when you publish attribution credits for your submissions - becomes publicly available and may be collected and used by others without restriction.

    This seems to imply you don't share IP addresses with third parties, which is incorrect because Techdirt loads resources from Automattic, Google, FontAwesome, CloudFlare, Soundcloud, StackCommerce, Amazon, RawGit, Akamai and ChartBeat. Some of these are definitely superfluous, for instance fonts and static JS could be easily stored on your server.

    People like to blame the EU law but the responsibility rests squarely with the laziness of the website admins and developers who failed to reconsider their usage of cookies. I'm happy to help with patches if there's a git repository you can share somewhere.

    reply to this | link to this | view in chronology ]

    • identicon
      Beatnick, 22 May 2020 @ 2:02am

      Re: Misreading of the law on essential cookies

      "Receive users’ consent before you use any cookies except strictly necessary cookies.
      Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
      Document and store consent received from users.
      Allow users to access your service even if they refuse to allow the use of certain cookies"

      While those points don't make it clear but they point to "the consent has to be given explicit not implicit, so "by using this site you are agreeing to" isn't GDPR compliant there has to be an option of "fuck of with 3rd party cookies"
      I think there has been a court decision making it clear, though not sure.

      reply to this | link to this | view in chronology ]

      • icon
        Federico (profile), 22 May 2020 @ 5:27am

        Re: Re: Misreading of the law on essential cookies

        There are a few cases ongoing, maybe you mean one of these:
        https://gdprhub.eu/index.php?title=CJEU_-_C-673/17_-_Planet49
        https://gdprhub.eu/index.php?ti tle=AP_-_Consent_to_place_cookies

        Most interesting at the moment are Guidelines 05/2020 on consent under Regulation 2016/679 (Version 1.1, adopted on 4 May 2020):

        In order for consent to be freely given, access to services and functionalities must not be made conditional on the consent of a user to the storing of information, or gaining of access to information already stored, in the terminal equipment of a user (so called cookie walls).

        Also:

        Without prejudice to existing (national) contract law, consent can be obtained through a recorded oral statement, although due note must be taken of the information available to the data subject, prior to the indication of consent. The use of pre-ticked opt-in boxes is invalid under the GDPR. Silence or inactivity on the part of the data subject, as well as merely proceeding with a service cannot be regarded as an active indication of choice.

        And:

        Therefore, merely continuing the ordinary use of a website is not conduct from which one can infer an indication of wishes by the data subject to signify his or her agreement to a proposed processing operation.

        Notably, what Mike asks (consent to be given by browser settings) is explicitly allowed by the authority:

        An often-mentioned example to do this in the online context is to obtain consent of Internet users via their browser settings.

        But:

        However, when consent is obtained via electronic means through only one mouse-click, swipe, or keystroke, data subjects must, in practice, be able to withdraw that consent equally as easily.

        Many forget the general premise of all this:

        Consent remains one of six lawful bases to process personal data, as listed in Article 6 of the GDPR. When initiating activities that involve processing of personal data, a controller must always take time to consider what would be the appropriate lawful ground for the envisaged processing.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 May 2020 @ 6:22am

      Re: Misreading of the law on essential cookies

      "essential cookies"

      First I had heard of this designation, rather humorous.

      reply to this | link to this | view in chronology ]

    • icon
      Mike Masnick (profile), 22 May 2020 @ 10:22am

      Re: Misreading of the law on essential cookies

      Looking into this, but again, the amount of time and money we're spending to get this sorted out is going to be more than we make in ads. At what point does the whole thing just not become worth it any more?

      We've already bent over backwards to try to make our site as friendly as possible to visitors, and now it feels like we're getting punished for it.

      reply to this | link to this | view in chronology ]

  • identicon
    ryuugami, 22 May 2020 @ 12:04am

    Hm, I must missed the part where your ad provider and Google became EU government agencies.

    Without that, it sure looks like it's the US private corporations that are strongarming you.

    Did Google not at least say why they'll "block you globally"? Like, point to a certain clause in the regulation or a court order that would force them to do it? There's nothing like it in the article, and if they really didn't provide such a justification, it would mean you don't know that it's the GDPR's fault.

    (Relatedly: uMatrix lists, among others, 13 blocked Google cookies on this page. Since you didn't provide an opt-out dialog, Techdirt is not actually in compliance with the GDPR, and this whole charade is a big bag of nothing. Like many before you, you're simply inconveniencing your readers for no gain whatsoever, and pretending it's somehow EU's fault. If you want to blame it on EU, it would be nice if you at least implemented it properly -- then the blame may be warranted...)

    reply to this | link to this | view in chronology ]

    • icon
      Mike Masnick (profile), 22 May 2020 @ 1:15am

      Re:

      Since you didn't provide an opt-out dialog, Techdirt is not actually in compliance with the GDPR

      If we can tell that you're coming from an EU (or California) location, and we're serving such ads on your page, we do provide an opt-out. Of course, when we first put those up, we got yelled at by people too for creating such an annoying experience.

      The whole thing is ridiculous and does nothing to protect anyone's privacy, and it's a no-win for us. It's making it too "costly" for us to have any ads at all, and that means it may be too costly to keep running the site. For what? So everyone has to click through when they could just do things in their own browsers?

      If you don't want cookies, YOU have the control. If you don't want the ads, YOU have the control. Us having to put up extra annoying pop ups and click throughs doesn't help anyone.

      reply to this | link to this | view in chronology ]

      • icon
        Federico (profile), 22 May 2020 @ 1:59am

        Re: Re: Not helping anyone

        It would help for the large majority of visitors, if you chose to remove the unnecessary cookies and other PII processing.

        Nobody is saying this is easy: doing without centralized ad networks is indeed difficult for a small publication like TechDirt (unlike the NYT). As a reader I enormously appreciate all the efforts made to keep TechDirt afloat with various sources of revenues.

        By the way, were you given the option to display "untargeted ads", which require less consent? This "option" was floated for a few publishers who estimated they'd be paid 25-75 % less for untargeted ads, see e.g. https://digiday.com/media/gdpr-mayhem-programmatic-ad-buying-plummets-europe/

        reply to this | link to this | view in chronology ]

        • icon
          Mike Masnick (profile), 22 May 2020 @ 10:18am

          Re: Re: Re: Not helping anyone

          We had our ad provider switch to untargeted (and took that revenue hit) a while back. And we had pointed that out when they started demanding this, and they told us this was separate from that.

          The frustration from my point is that the cost of "compliance" here is more than we're making in ads. So the end result is that I feel like we should just block the EU entirely rather than deal with this nonsense. I have a ton of work to do and half of my time is now trying to get clarification on ridiculously complex EU regulations that don't actually protect anyone.

          If the goal of these regulations is to put small sites out of business, well, that's working. I don't see how that helps anyone though.

          reply to this | link to this | view in chronology ]

          • identicon
            ryuugami, 22 May 2020 @ 5:06pm

            Re: Re: Re: Re: Not helping anyone

            If the goal of our ad provider is to put small sites out of business, well, that's working. I don't see how that helps anyone though.

            FTFY.

            reply to this | link to this | view in chronology ]

            • identicon
              TFG, 22 May 2020 @ 9:02pm

              Re: Re: Re: Re: Re: Not helping anyone

              No, I don't think you did. The root cause of this is the regulation itself, which threatens incredibly damaging amounts of liability for infractions, requiring expensive compliance to accommodate confusing instructions.

              The ad provider certainly isn't helping things, but I'd say it's not accurate to lay blame solely at their feet.

              reply to this | link to this | view in chronology ]

      • identicon
        ryuugami, 22 May 2020 @ 3:53am

        Re: Re:

        Thanks for the reply.

        If we can tell that you're coming from an EU (or California) location

        I'm a citizen of the EU, but currently living abroad -- I guess that explains why I never saw the popup.

        Of course, when we first put those up, we got yelled at by people too for creating such an annoying experience.

        According to the GDPR, opt-out should be as easy as opt-in. Usually, there's a one-click "accept all" button, which means that to be compliant there should also be a one-click "deny all" button. If it indeed was implemented like that, then the people calling it annoying were being unreasonable and you should ignore them.

        The whole thing is ridiculous and does nothing to protect anyone's privacy, and it's a no-win for us.

        From the article, and your other reply upthread, I see that the one putting silly demands on you is your ad provider, based on some massive misunderstanding of both the content as well as the jurisdictional scope of the GDPR, and it appears they're happy with a change that doesn't improve compliance at all. And they refuse to explain why or what happens if you don't do it.

        I really, really, really don't think EU or GDPR are your problem here.

        If you don't want cookies, YOU have the control. If you don't want the ads, YOU have the control.

        Yes, I do, and I block everything (third-parties, JavaScript, cookies, trackers, ads...), use a VPN, mask my browser user agent string, use a VM for some sites, and avoid Google & co as much as it is feasible, and then a bit more than that. I also added the cookie popup to my custom "Techdirt Dark Mode" CSS stylesheet.

        (TBH, I don't really think any of that helps all that much, but it's kinda fun in it's own way.)

        Us having to put up extra annoying pop ups and click throughs doesn't help anyone.

        It doesn't, but doing it correctly helps the 99.99% of the general population that doesn't have the knowledge, experience, or, most of all, time to do all of the (likely useless) stuff I listed up there.

        reply to this | link to this | view in chronology ]

  • identicon
    Max, 22 May 2020 @ 1:13am

    Are you actually setting those cookies BEFORE anyone ever clicks on anything? Because if so, the banner will do absolutely nothing to make you more legal, or more in compliance, or whatever. If you are not, then the banner is working GREAT for me - because I never agree to any of them, I just hide them all out of existence.

    And no, I'm not otherwise "in control" as you're trying to imply - not sure what your browser lets you do, but all mine lets me do is accept or reject cookies wholesale - no such thing as "keep cookies from this site indefinitely, allow some from that one but delete them as soon as I leave the page, and refuse everything from that other one", accessible through simple means, per-site, on the UI (or anywhere else in general). Yes, I could try finding an extension that lets me do this properly. Yes, THAT would be an actual pain to find (yes, I already tried); the banner I don't see isn't.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 May 2020 @ 2:44am

    Got it

    reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 22 May 2020 @ 7:30am

    From the brilliant minds that want to sue grandmothers for daring to post pictures of their grandkids showing how proud they are of them...

    Perhaps they aren't actually solving anything but trying to make people feel better without any effort on their part while trying to get paid by the deep pockets for not being able to jump when told to jump & stay in the air forever.

    reply to this | link to this | view in chronology ]

  • icon
    Ehud Gavron (profile), 22 May 2020 @ 7:41am

    Balkanization

    So... throwing it out there...

    I see these pseudo press-conferences where some guy is pointedly rude to the journalists who are there to cover the event. None of them get up and leave. I, and like-minded people I talk to, think that if he starts to be rude or call someone "nasty" for asking a perfectly reasonable question, all [but two] of them should get up and leave.

    Why is it, then, that a European law should apply to TechDirt? Why not just have a banner at the top that says "If you're coming from a country that supports the GDRP you should close this browser window"?

    I understand that the little countries in Europe think this is a good idea... and some parts of it are a good idea. Some are not. This is me speaking both as an IT person who implements things, and as someone who respects the rule of law as a person, and someone who thinks we should not be beholden to every jurisdiction in the world.

    Here's the Godwin angle: What if tomorrow China passes their own version of the GDPR and it says we have to call Hong Kong and Taiwan "by their proper names of Slaves-Of-China-Rule™"? Would every website in the world (including TD) now have to change all references to be that way? Would we retroactively have to go edit all references to be that way? Would wikipedia do it?

    If yes, then we've lost.

    If no, then f the GDPR and run your website the way you want to run it. Let those who live under repressive regimes enjoy their newfound "freedoms" without costing everyone else time, effort, and money.

    Also the cookie offer is still open.

    V/r

    Ehud

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 May 2020 @ 7:57am

    Why not just just place the banner in the space below where your ads go? Users that can already see the ads will likely notice the banner. For users that don't see ads normally, make the background of the banner swap between white and blue at slow intervals (alternatively, put a slow fade effect between the two colors on the button)...

    That places the banner out of the main view area (which means less user annoyance) but eventuality grabs the attention of the user by contrasting with the static nature of the rest of the rest of the site's interface.

    reply to this | link to this | view in chronology ]

  • icon
    Thad (profile), 22 May 2020 @ 9:35am

    I use a Firefox extension called Cookie AutoDelete. It doesn't have the most user-friendly interface but I appreciate its granular controls; it defaults to deleting cookies after I close a page, but allows a whitelist of domains where I want to keep them.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 May 2020 @ 5:12pm

    For what it's worth I didn't notice the new "GOT IT" banner at the bottom of the page until I read this article. The chosen colors seem to make a very nice closing page border (javascript and cookies both turned off).

    But...full disclosure...
    It could be that I've gotten better at ignoring these. Afterall, they are everywhere now. Or, perhaps it's the (2nd, 3rd?) T&T at my left hand clouding my visuals. Sorry, but it is after five o'clock somewhere in the pandemic.

    In any case, keep up the good fight, Mike. I appreciate it (really!). There are so few out there that think about us (the end user), much less look after us.

    reply to this | link to this | view in chronology ]

  • icon
    R.H. (profile), 22 May 2020 @ 10:15pm

    I Have Issues With How This Cookie Thing Is Implemented

    Now that the EU has stepped this anti-cookie behavior up another step by saying that sites can't block users from content if they refuse cookies I have even more issues with it.

    Here's my analogy, let's say that a store has a sign posted saying that they use a mix of technologies (Wi-Fi beacons, using Wi-Fi as radar, etc.) to track the movement of customers through their store. If you don't want to be tracked in that way, you can choose to not shop there. How is that different from a website saying, we pay for the content you're here to see by serving targeted ads. To target those ads we place cookies on your computer. If you don't want ads targeted at you then you can look for the content elsewhere.

    By the way, my first case isn't just a random hypothetical, I was at a free to the public badged event last year where anyone could come in and view the event as long as they stopped at the front desk to get a badge. Those badges contained small Bluetooth Low Energy beacons. While they were anonymous, the venue was certainly using them for traffic analysis and those of us who were working the event got our badges scanned for entry into various off-limits areas.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 May 2020 @ 1:05am

    the really stupid thing about EU cookie notifications is that some of those "notifications" are not needed at all for some sites, because purely technical cookies are extempted.

    Since lawyers are sucking ass at properly defining terms such as "purely technical".. we ended up with cookie notifications for anything even when they are not needed... because lawyers.

    https://wikis.ec.europa.eu/display/WEBGUIDE/04.+Cookies

    reply to this | link to this | view in chronology ]

  • icon
    Ehud Gavron (profile), 23 May 2020 @ 1:31am

    Cookies, stateful browsing, ecommerce

    So today we use cookies.

    Tomorrow the mechanism we use to have our web server track the path of browsing will be different. Should we have to recode our web servers then?

    Fundamentally there is stateless browsing, where one just browses to whatever page, and there you are. There is no logging in. There is no option to log in. No login/no credit card/no auth = no ecommerce.

    Then there is stateful browsing. Parameters are established, maintained, and hopefully secured throughout "a browsing session". It can be cookies... a generated custom part of the URL ("tracking URL")... or whatever clever people come up with next. Key here is "session" means it's stateful from a "start" to an "end".

    The point is that these are REQUIRED in order for ecommerce to work. Ecommerce can even be as simple as "Hey do you want to save your TechDirt settings so you don't have to re-enter them every time? Log in here."

    The GDPR is mostly out of touch with its requirements. TD should get a hiking trail map and hand it to the ICO, addressed to "Jack" with a note that says "take a hike."

    E

    reply to this | link to this | view in chronology ]

  • icon
    charliebrown (profile), 23 May 2020 @ 5:32pm

    "This site uses cokies"

    Where's the "Oh duh!" button?

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.