Pre-checked cookie boxes don't count as valid consent, says adviser to top EU court Requiring someone to uncheck a pre-ticked box doesn't count as valid cookie consent under EU law, the adviser to the bloc's top court has said. Advocate general Maciej Szpunar's opinions aren't binding but are often followed by the Court of Justice of the European Union (CJEU). This much-anticipated confirmation of the …
From personal experience it appears that about half of the websites that ask for information require you to uncheck the marketing tick box. This has annoyed me since long before 25 May 2018 where the proportion of cavalier presumed 'enrolment' was far greater.
Thank you to those organisations who have changed their web forms to require active opt-in.
Shame on those who haven't - change now or face the legal consequences.
There was one I kept seeing in my news feed for an American news site with an "accept" button, or "more info". "More info" did allow you to unsubscribe to tracking cookies, but only if you visited the owner's site for each one individually (provided as a hyperlink) and deregistered. The list was huge! Well over 50 entries!
I don't read news provided by this site when it pops into my feed
Pfft - 50 is nothing - try the Dilbert website, 5 categories, each with well over a hundred cookies (albeit with some duplication), each with individual toggles to disable (enabled by default, natch).
Sometimes I wonder if it's Scott Adams parodying the issue, but then he's a Trump supporter so probably not
I was not aware that Scott Adams was a Trump supporter. Thanks for letting me know about this. I have done the correct thing (best to my ability to do so) and removed his work from anything I used to follow him on (Facebook/GoComics). I also removed the books I was planning on buying that he had made on Amazon.
I also invalidated everything I had considered worth listening to from him. Because being a Trump supporter is just really (^9) stupid and only stupid people (and evil) support Trump along with stupid nazis.
I've also gone off Adams since his performance in the 2016 election, but I really have to object to the characterisation of Trump supporters.
If you write off the entirety of the opposing party, and about 40% of the population, as "stupid and/or evil", you have given up on democracy.
Why would anyone think that a web-site provider is going to let you bypass all the things they are trying to do with an "I do not consent" option?
There is only one option: take responsibility for your own browser software and block the trackers and if the site breaks, go somewhere else.
Noscript is my favourite, but for non-techies, Brave seems to do a good job of Making the Internet Good Again. Mocking All Google's Advertising Attempts?
That would be because you have already landed on the site, in over 90% of cases. Therefore the cookie has already been downloaded by your browser. A properly made site will show you a page first which does not set any cookie and then ask you to consent to visit the website.
"OK and More Info"
like this: https://aqua-teen-hunger-force.fandom.com/wiki/Www.yzzerdd.com
(from the article's title, I'm glad to see at least SOME common sense in application of the law)
For Firefox, there's a plugin (or was, I'm using version 56 still) of 'cookie white list with buttons' or similar title. In short, you can tell it to accept ALL cookies, as long as the button enables cookies. But only whitelisted cookies are stored on the hard drive. The rest go into 'write only memory' when you disable cookies or close the browser. Dumping all cookies is basically "turn it off, turn it back on again" [except for whilte-listed cookies, of course]. So it doesn't SOLVE the problem, but it sure keeps it under control.
In fact, if this were a standard browser feature (HINT HINT) to ONLY store non-white-list cookies IN MEMORY, and give users the ability to "dump all" or shut off their acceptance with a button or a menu option, it might actually solve 99% of the cookie tracking problems. In many cases you'd get those irritating "someone logged on to your account" e-mails but so what. The entire point is to eliminate the tracking, and flushing cookies periodically (yes, obvious reference to "the loo") would really screw them up. And what would happen if EVERYODY did it? they'd have to do something ELSE.
and 'tick boxes' on a permissions page would no longer matter. And, maybe the browser/plugin could prompt you with "do you want to store this cookie permanently" (with the options to block it [black list] or keep it in memory until you flush/exit [normal handling]) so you can see what they're up to and have some additional choice.
"Are you sure Yes/No"
"Do you want X Yes/No"
"Do you want Y Yes/No"
"Do you want to cancel cancelling all of the above and accept? Yes/No/Skip"
I came across this change Android setup list recently with a new phone. I can accept my usage and management/customisation of Google and Android services (if you know they are tracking, you can possibly amend usage to fit, or if opt out, can at least minimise on what I personally see as a tool and just a phone)... however, I consider changing the old reliable "skip all" to "accept and skip all" as not cheeky, but down right manipulative and predatory! I nearly accepted all the tracking as I'd became use to the previous no double negative trick questions!
GDPR and Cooke consent should be worded in a way that states it should take the same number of clicks to consent than it does ti deny. There is no wiggle room on that, and it will fix the websites that have 1 click GDPR consent, and 30+ clicks to deny (newsquest being one of the worst offenders).
This post has been deleted by its author
sort of blocker: a plugin (like the 'cookie white list with buttons' plugin for firefox) that allows you to accept all cookies but put non-white-listed ones into memory only, not on disk. Then when you turn off cookie acceptance (and maybe right back on again), or close the browser, they go into the bit bucket.
I recently discovered the English Heritage 'Days Out' app (Android) has problem with obtaining consent. I opened it first the 1st time for ages the other day and it didn't just prompt for my location (turned off by default and only turned on when I NEED to find out where I am), it prompted for me to change my settings to turn on location services and got locked in a loop and refused to continue when I selected 'no' (I subsequently discovered, as others have, selecting 'yes' doesn't work either)
A variation of this I have seen lately with embedded Twitter content is getting a message complaining about disabled 3rd party cookies instead of the tweet. This sort of thing seems like a violation of GDPR as consent is not considered freely given if made a condition for providing a service (GDPR Article 7(4)).
"Others will, if you look, list pages of associated companies and you have to de-select them one at a time."
Worse are those that list 40 odd other associated sites but you have to visit each of those sites to stop their cookies. Or they just push you to the generic Google 'disable cookies help pages.
Yes, and the best of these on how not to do defaults is Reach PLC. This outfit owns a huge number of local papers (this is how I fell foul of them) but are the Daily Mail group.
As soon as you hit the website you get the privacy notification. From there you can accept hundreds (I estimate around 800) of third party cookies all preselected or have to individually deselect every one. In reality it you wish to visit any of their websites, the only option is to accept all.
I have already opened a case with the ICO but you have to start with Reach, They have just ignored the contact (as you would expect). All we can hope is that enough people also raise it with the ICO. Then they may just get wacked with a fine and have to fix it. The pain is every single website has to be reported separately.
Generally German websites are the best with all defaults being off.
Cookies aren’t really the problem these days. It is the plethora of code included from third party sites including, but not limited to, Facebook icons, Google analytics and javascript / css libraries. All of these sites can, and do, track me without any consent being asked of me, let alone agreed. While they may claim to not be able to track me ‘personally’, we all know that eventually the dots form a large enough picture for me to be uniquely identified, and they do not need to know my name for this to fall under the GDPR, just the fact that I am unique.
Not if you use NoScript. With NoScript, only the code you allow runs and by default it allows nothing.
Of course, these days that means that lots of sites are broken out of the box, but you can decide which code you want to let run and see if it gets better. If it doesn't and don't have a real need, just leave.
I guarantee you that neither FaceBook nor Google nor Twitter are tracking me.
It's bs tactics for ad / PII revenue. Nothing else. I make all my sites not load ads, cookies, etc, unless visitors consent -- by default. It's not difficult. And guess what? Content is still perfectly readable! That's right, cookies are absolutely not needed to display the text or images of the page you want to visit. Fancy that! As for 3rd party JS / CSS, I don't use them. I write my own.
It's not even slightly difficult to do the right and decent thing for visitors. There should be no excusing it. At all.
"It is the plethora of code included from third party sites including, but not limited to, Facebook icons, Google analytics and javascript / css libraries."
Yup, there's been a screaming match at $orkplace about this (particularly relating to google analytics). You'd think people don't know how to run website analysis scripts anymore.
(Ironically, I just registered to the reg and I had to fill out a google recaptcha, I never consented to that or was told I'd have to interact with Google)
Thing is, GDPR means nothing until it has actually been used to fine a company for not complying. It's also "illegal" to download the latest Game of Thrones, but every year it's the most pirated TV show, just the same as the GDPR is supposed to be "opt in" consent, but most of the time, the options are pre-selected and you have to uncheck sometimes dozens of boxes only for it to be stored in a cookie/local/session storage (ironically enough) where your choices are "forgotten" (how convenient) and are not shared across devices (because that could be bad).
So they make it as hard as possible so you'll just give in and click that "I agree" button.
This will keep happening until each and every instance is both publicly documented and fined, maybe a database of companies that violated the GDPR and how much they were fined is in order.
Until then, the GDPR is more fairy tale wishful thinking than an actual law.
"Advertising is Big Business on the Interwebs. Free Market Rules are required for Big Business. Laws are just Suggestions to Big Business."
There's a _very_ easy way of dealing with this.
_All_ advertising is for _something_. _All_ advertising is done on behalf of a hirer.
Make the hirer _jointly and severally liable_ for the violations - watch how fast the illegal activities dry up even if the Big Business thinks "they're only suggestions"
Example: USA - Telephone Consumer Protection Act 1998 ("The Junk Fax Law") - pretty much stopped the flood tide of junk faxes overnight and caused people like Sanford Wallace to move into email spam instead. Only criminal groups like fax.,com were left in operation and the only legitimate companies who hired them were mom-and-pop outfits who'd been conned into believing it was legal - something they were _very_ quickly disabused of.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
