I challenge you to demonstrate the supposed understanding you have that would explain why that website is following "industry‘s shitty solution to forcing users to consent with tracking." (and not even each industry website does such stupid full page banners) instead of using non-shitty solutions.
It's a good question, which has a very obvious answer: even government websites are built by clueless people and/or marketers and/or using shitty tech.
Which you can see when you click on "personalise" in the cookie banner.
You can, and I have, and it clearly requires almost any modern website to have a cookie banner. Which shouldn't be too surprising, when you go to gdpr.eu and see the cookie banner at the bottom. It's possible in principle to jump through the crazy hoops required to avoid it, but the only sites I've ever seen do so are national Data Protection Authorities.
Because American websites often don't bother with preemptive GDPR compliance, and DPAs consider first-party cookies of small websites to be a pretty low enforcement priority. My browser shows four persistent cookies, one for news.ycombinator.com and three for .ycombinator.com, that definitely require GDPR consent. In particular note that merely keeping you logged in across browser sessions requires a cookie banner, because that persistence is not strictly essential to the site's functionality; the official GDPR explainer (https://gdpr.eu/cookies/) calls this a "preferences cookie".
Only if you define "almost any modern website" as one that does precisely what the GDPR set out to deal with. If tracking wasn't as widespread we wouldn't have needed the regulation in the first place.
Tracking vs. non-tracking is not a distinction that the EU cookie rules recognize. A privacy respecting first-party analytics cookie, serving no other purpose than to let the website operator count how many distinct users visit a particular page, is still a not-strictly-necessary cookie which your users must provide informed consent for.
> A privacy respecting first-party analytics cookie, serving no other purpose than to let the website operator count how many distinct users visit a particular page, is still a not-strictly-necessary cookie which your users must provide informed consent for.
Obviously you haven’t either, because GDPR says nothing about cookie banners.
Cookie banners are the result of a different piece of legislation, the ePrivacy directive. Have you read that one too?
What about all the latest judicial actions regarding data transfers to 3rd parties that have gone back and forth due to ongoing legal cases? Legislation is totally irrelevant without the context of the latest judicial precedent.
Did you read the entirely of the schrems decisions and the analysis of what that means for using or offering any technology services? Having read GDPR is irrelevant when one day Google analytics is okay to use and the next day it's not due to one court case.
What about the latest data transfer agreements between the US and EU that invalidated the use of standard contractual clauses, and the above prior Schrems decisions? You've had years at this point.
Do you think it’s good to insult and assume bad faith from your fellow internet commenters about a topic you actually don't understand yourself?
Oh definitely, the decentralized private market absolutely got together in secret to devise a plan to undermine the beautifully designed EU legislation by using cookie banners.
My flower shop down the street that has a cookie banner on their Wix website is secretly trying to undermine the government.
It couldn't possibly be that the largely unaccountable central planners in the EU's technocratic maze of a government designed a dumb piece of legislation.
Who said anything about secret? They are doing it all in the open.
> My flower shop down the street that has a cookie banner on their Wix website is secretly trying to undermine the government.
Oh, your flower shop only sells you flowers. The 1421 "partners" on their website however are really glad that they tricked clueless people to include their "GDPR-compliant privacy-preserving" solutions.
> It couldn't possibly be that the largely unaccountable central planners in the EU's technocratic maze of a government got something wrong.
GDPR doesn't require huge obnoxious banners.
ePrivacy doesn't require huge obnoxious banners.
Industry: let's create huge obnoxious banners with all sorts of dark patterns to trick people into "consent" through innocent inconspicuous tool vendors like Interactive Advertising Bureau, and blame GDPR for requiring them.
Poor, poor sweet innocent companies. It's GDPR making them collect and keep your precise geolocation for 12 years across thousands of partners who care about your privacy: https://x.com/dmitriid/status/1817122117093056541
Sorry, cookie banners are a direct result of EU legislation, it really is that simple.
While your "evil data broker malicious compliance conspiracy" narrative is a popular one, especially on this website, that doesn't make it true and you've offered zero facts to support it either.
I've dealt directly with multiple companies in regards to this legislation, and know exactly why we made the decisions we did based on the legal advice given in each instance.
But I will not argue further. You want this conspiracy narrative to be true as it plugs into the tapestry of religious narratives that form your identity. Any facts or logic I can offer against this are no match.
However, could you not agree that moving forward, a centralized browser-based setting is the better solution for all parties involved?
> Sorry, cookie banners are a direct result of EU legislation, it really is that simple.
Please write to me the relevant part of the legislation that require a full screen cookie banner that requires you to manually click "no" on each of the 1000+ "partners".
> you've offered zero facts to support it either.
Ah yes, and you've provided a lot of support to your "cookie banners as we see them implemented by literal ad business industry groups are the result of the legislation"
> and know exactly why we made the decisions we did based on the legal advice given in each instance.
Oh, I do, too. The legal council is "since you insist on using fifteen different marketing tools each relying on tracking, we have to include these banners developed by the advertising and tracking industry to cover our assess".
> You want this conspiracy narrative
Once again: it's not a conspiracy theory. It's literally done in the open.
> could you not agree that moving forward, a centralized browser-based setting is the better solution for all parties involved?
GDPR has been around for 9 years now.
Somehow, world's largest advertising and user tracking company that incidentally makes the world's most popular browser came up with exactly zero proposals to do that.
In the same time they have come up with at least three to keep tricking people into tracking. The latest one was literally "how to build a more private web? by turning on tracking" https://x.com/dmitriid/status/1664682689591377923 ("no thanks" in those screenshots turns off data sharing and tracking)
But yes do tell me how this blatant open flaunting of user privacy is "conspiracy thinking".
Edit: also please tell me whether "we're creating a user profile on you, collect device identifiers and precise geolocation information, and storing that data for 12 years" is conspiracy thinking and the direct result of GDPR?
