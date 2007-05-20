from the clean-your-dough dept.
European Authorities Ban Dirty Cookie Practices in GDPR Update:
When GDPR rolled out across the European Union back in 2018, the sweeping legal framework pledged to bring consumer privacy and protection to the forefront. In the years since then, we've seen the adtech industry at large do its collective darnedest to undermine these laws at every turn, and largely get away with it, thanks in part to the squishy phrasing of some of the legislation's most critical clauses.
Now, European authorities are stepping in to cut that squishiness a bit. On Monday, the European Data Protection Board—the Union's oversight committee for GDPR-related issues—released a 31-page manual (pdf) calling out some of the slimier practices used by adtech companies to fudge consent on an internet browser's behalf.
These new guidelines specifically call out the sites that assume a user's agreement to be tracked and targeted based on say, the way they scroll down a webpage, rather than relying on their explicit agreement to that deal. Also called out in the memo are "cookie walls"—a cute name for the not-so-cute tactic where sites bar internet browsers from accessing their content unless they agree to allowing cookies and trackers on the site.
These are both tactics that directly step on the concept of user consent. [...] GDPR was written to require that websites garner a visitor's consent before they handle that visitor's data, and before they pass that data down the garbled supply chain of third parties in the adtech ecosystem. As you might imagine, the GDPR painstakingly lays out exactly what does and doesn't qualify as consent, requiring that, in short, these websites explain the tech used to track the visitors in a clear and upfront way. It also requires that they offer these visitors an easy way to opt in or out of this sort of on-page tech.
(Score: 2) by gtomorrow on Thursday May 07, @01:39PM (3 children)
One of the reasons I ♥ EU.
And before all you zombies start talking about paying the bills and making money, let me tell you kids...I remember an internet that was ad-free. And I'm betting a good percentage of the (for lack of the proper term) people here do too.
(Score: 0) by Anonymous Coward on Thursday May 07, @01:52PM (2 children)
My Internet is still pretty much ad-free.
(Score: 2) by rob_on_earth on Thursday May 07, @02:12PM
Not sure if you are referring to adblock/ublock and noscript etc, but there is still a lot of sites (in number) that refuse to have ads. It is lot harder to find them as Google seems to promote the ad laden the highest.
Hmmm, how could I make money on a search engine that only returns sites that have no ads ... ?
(Score: 2) by gtomorrow on Thursday May 07, @02:23PM
How many hoops did you have to jump through? Or do you have some magic browser that is just plug-and-play, so to speak, that returns your browsing experience to pre-Google 1990s-level tracking/spying/eternal cookies?
Yeah, maybe I didn't express myself previously in the exacting terms needed to be "understood" by the Autism Spectrum disorder crowd here.
BTW, Firefox here with μBlock Origin/HTTPS Everywhere/Privacy Badger/Disconnect/Decentraleyes >> Not non-trivial.
(Score: 2) by pkrasimirov on Thursday May 07, @01:44PM
> and largely get away with it
There's the problem right there.
(Score: 0) by Anonymous Coward on Thursday May 07, @01:48PM (3 children)
I've tried to say "No" a number of times, and the process I needed to go through was far, FAR from easy. One site had a checkbox form where I had to remove consent from each item on their list - the list had 100's of items to uncheck. That, right there, is BS.
Easy is ONE button that says, "yes, I consent", and ONE button that says, "no, I do not consent". Simple. Anything more is pure BS.
(Score: 2) by Fishscene on Thursday May 07, @01:56PM
(Score: 2) by pkrasimirov on Thursday May 07, @01:59PM
It's even simpler. It should be opt-in only. Then they can put 1000s of switch-boxes if they want.
Also no question should be asked twice. If I give an answer and change my mind later, it should be by my initiative to find where in the web page to change that answer.
(Score: 1) by khallow on Thursday May 07, @02:01PM
Name names! Who put out such a shoddy trap?
(Score: 2) by rob_on_earth on Thursday May 07, @02:07PM
By the time the page has loaded far enough to load the Cookie message, numerous requests have been made to numerous ad agencies and each HTTP/S request is sending cookies.
I had to debug a slow page load and found a single tracking pixel that ran a bid system through many ad agencies including Google and Yahoo. Watching the traffic in a trace was mid blowing. 12 times it redirected and each time cookies were sent/received.
The whole GDPR side of this should be on the user. They are the ones deliberately sending requests to the webserver via their browser and then allowing the same browser to include cookie information.
(Score: 2) by Mojibake Tengu on Thursday May 07, @02:09PM (1 child)
The wrong is on browsers mechanics and crappy protocols design.
Web transfer logic has no proper topological closure. That leaves user vulnerable to unwanted information flow.
A consistent page should never allow loading any of out-of-domain resources.
Yeriḥo. Karthāgō. Sogdiana. Besièrs. 広島市 (Hiroshima-shi). For Love of God, what next?
(Score: 2) by gtomorrow on Thursday May 07, @02:27PM
Thus negating the entire concept of hypertext. Nice!
I think Rupert Murdoch was also in favor a similar design.