UK Wants To Replace Cookie Pop-Ups With Browser-Based Opt-Outs (techcrunch.com) 41
The U.K. government has published its final response to a data 'reform' consultation it kicked off last year, laying out how it intends to diverge from EU-based data protection rules. From a report: At first pass, it looks like it has stepped away from some of the more extreme 'reforms' it had been tossing around -- such as removing the right for human review of automated/AI decisions; which the consultation admits was opposed by the "vast majority" of respondents (ergo, the government writes that it "recognises the importance of appropriate safeguards, and will not pursue this proposal"; although it says it's still considering how to amend Article 22 of the U.K. GDPR -- so watch that space).
That said, there are still a lot of potentially wide-ranging amendments being announced in this package -- such as a switch to an opt-out model for most online tracking; which the government is spinning as an end to cookie consent pop-ups but which raises plenty of wider questions -- and changes to the U.K.'s data protection regulator that could still sum to substantial differences for the rights of citizens, businesses and other types of data processors operating in the country. There's plenty more incoming from the U.K. government on the digital policy front too -- such as the sprawling Online Safety Bill, which is currently making its way through parliament, and is set to dramatically ramp up compliance demands for all sorts of businesses. So it pays to keep the wider picture in mind as the government spins its pitch of post-Brexit, rebooted data laws that will give British business a "boost" by cutting EU 'red tape.'
That said, there are still a lot of potentially wide-ranging amendments being announced in this package -- such as a switch to an opt-out model for most online tracking; which the government is spinning as an end to cookie consent pop-ups but which raises plenty of wider questions -- and changes to the U.K.'s data protection regulator that could still sum to substantial differences for the rights of citizens, businesses and other types of data processors operating in the country. There's plenty more incoming from the U.K. government on the digital policy front too -- such as the sprawling Online Safety Bill, which is currently making its way through parliament, and is set to dramatically ramp up compliance demands for all sorts of businesses. So it pays to keep the wider picture in mind as the government spins its pitch of post-Brexit, rebooted data laws that will give British business a "boost" by cutting EU 'red tape.'
thanks (Score:1)
UK
That will be fine...if (Score:5, Insightful)
...we don't get these "clever" opt-outs which encourages people to click the wrong icon.
What we already see from the effects of GDPR is:
- "Clever" opt-outs that either require you to manually disable 100 if not 1000's of affiliates on every website or they write you a sob story about how they need the money to run the site which link you clicked on once never to return and to Accept all - or they won't show you the contents, a "paywall" of sorts - but with your consent to datamining as payment.
- Many televisions have built in entertainment and functions they will not let you parttake in unless you "accept all", for example my Samsung TV has become an increaed pain with every software update, they inform me that functions will no longer be available to us unless I accept. And they say "you can opt-out" but then you're presented with a 40+ multi page of various "partners" you have to opt-out of, which takes hours, if not days - on top of that we all know how sluggish smart-tv menues are.
It's all one giant political game of runarounds and workarounds every new law that comes, and we are forever watching an increase in popups and irritability chores, asked to press this, click that, consent to this consent to that.
Older politicians are notorious for their lack of "internet skills" and basic knowledge of how it all works.
Re:That will be fine...if (Score:4, Insightful)
Yep. They ask you each and every time you 'visit' the website if you want to enable all cookies or not, and you just keep telling them no.
Until you accidentally click Ok in a new unclear menu they made so you give them permission anyway, and then they miraculously stop asking you.
Funny thing, though. Several laws will come out in the next few months that make doing that illegal. So that's going to be a bit of an issue.
Re: (Score:2)
These days I visit those sites in private mode and click "yes" to everything.
Then I close the window.
Bye!
Re: (Score:2)
DuckDuckGo privacy browser allows you to burn everything (except the ones you want to save).
Re: (Score:2)
Most technical people would just install a userscript or extension to handle this instead.
Re: (Score:2)
Re: (Score:2)
What we already see from the effects of GDPR is:
...that if leave them a single inch they'll simply think of ways to game the system and take a whole mile.
It's all one giant political game of runarounds and workarounds every new law that comes, and we are forever watching an increase in popups and irritability chores, asked to press this, click that, consent to this consent to that.
What's needed is a clause in the GDPR for company director jail time followed by a few well-publicized cases of it being applied.
A couple of weeks inside ought to be enough.
Re: (Score:3)
- "Clever" opt-outs that either require you to manually disable 100 if not 1000's
You misspelt "illegal". GDPR requires manual opt-in. Which is why when you click the "manage settings" button on the cookie popups they are all disabled by default in any cookie popup that is compliant. So for nearly all the cookie popups you simply click "manage settings" and then "accept" or "confirm" or whatever the button to make the window disappear is.
or they won't show you the contents
And that is outright illegal according to the GDPR, not just for cookies, but for all manner of data related matters.
Re: (Score:3)
"Clever" opt outs are illegal and are slowly going away as regulators crack down on them. Google was recently hit with a massive fine for doing it (reported here), and has been A/B testing a replacement that makes the accept and reject buttons equally easy to use.
TVs that require you to accept all are illegal. Return them and complain to your regulator. The GDPR is clear, every non-essential usage must be individually opt-in, and refusal to opt-in cannot be used to deny services that will function without t
Re: (Score:2)
...we don't get these "clever" opt-outs which encourages people to click the wrong icon.
What we already see from the effects of GDPR is:
- "Clever" opt-outs that either require you to manually disable 100 if not 1000's of affiliates on every website or they write you a sob story about how they need the money to run the site which link you clicked on once never to return and to Accept all - or they won't show you the contents, a "paywall" of sorts - but with your consent to datamining as payment.
- Many televisions have built in entertainment and functions they will not let you parttake in unless you "accept all", for example my Samsung TV has become an increaed pain with every software update, they inform me that functions will no longer be available to us unless I accept. And they say "you can opt-out" but then you're presented with a 40+ multi page of various "partners" you have to opt-out of, which takes hours, if not days - on top of that we all know how sluggish smart-tv menues are.
It's all one giant political game of runarounds and workarounds every new law that comes, and we are forever watching an increase in popups and irritability chores, asked to press this, click that, consent to this consent to that.
Older politicians are notorious for their lack of "internet skills" and basic knowledge of how it all works.
The effect of the GDPR is that companies that are tracking me or attempting to misuse my personal data are now liable for criminal punishments.
In the UK or EU, you cannot give away your rights under the GDPR, they're inalienable regardless of what a popup or shrink wrap contract says. Hell, you'll get extra punishment for thinking you can circumvent the law that blatantly. Judges really do hate smarmy defendants and smarmy lawyers. This reaction is not due to the GDPR, rather it is due to the companies
Yes (Score:1)
Re: (Score:2)
Problem: It's always been voluntary.
Re: (Score:2)
I'm sure this will work as well as the "Do Not Track" setting, as in, it will be completely ignored (with no consequences).
Re: (Score:1)
Re: (Score:1)
We need laws to just ban cookies altogether... (Score:2)
There's not a single damn cookie that's actually "necessary" no matter what the cookie configuration options claim.
Well, apart from one, your session cookie. We can allow that one. Make them store all the other information on their own servers, not in our browsers.
In a similar vein: Browser fingerprinting. Why are browsers still so promiscuous in 2022? Web sites simply don't need to know all that information. Nobody makes web sites that need to depend on a particular browser/version any more. I want a brows
Re: (Score:2)
Re: (Score:2)
But first party cookies should be enough for that. Not third party cookies.
Re: (Score:3)
Your "session cookie", I think I mentioned that...
Re: (Score:2)
Re: (Score:2)
There's not a single damn cookie that's actually "necessary" no matter what the cookie configuration options claim.
For example, changing preference from F to C on a weather website? It's pretty useful if you want to avoid Freedom Units while staying in the US.
Re: (Score:2)
That can be stored just as well in the PHP session file on their server.
Re: (Score:1)
Which requires a login to a random website, no thanks.
Re: We need laws to just ban cookies altogether... (Score:1)
You don't need to log in to have a session cookie and to store data in it.
Re: (Score:2)
There's not a single damn cookie that's actually "necessary"
Says the person who would have been completely unable to make this post without the Slashdot session cookie in place.
Re: (Score:2)
You might have wanted to read, e.g. line 2 of his post before replying.
Though technically you don't need a session cookie, it can all be done via URL mangling, but logins via cookies is the best solution.
DNT: 1 (Score:4, Insightful)
Do Not Track. The technology exists. Make violations expensive or nothing will change.
Re: (Score:2)
Just more posturing (Score:2)
This is simply more posturing.
"Reduce red tape" ... sure. All the new documents required to import or export products from and to EU countries is far more red tape than will ever be reduced due to BREXIT.
If the UK wants to export to the EU, they will still have to comply with EU rules, but now, with no vote on them. Meanwhile, Northern Ireland ... the only real solution is handing it over to the Republic.
[downmods from the pro-BREXIT users with mod points incoming in 5.4.3.2...]
I want it extra spicy please (Score:2)
Are we barking up the wrong tree? (Score:3)
Everyone seems to be so fixated on the cookies. Meanwhile, they are just one of many, many methods of storing data inside the user's browser, so called client-side storage. Just to make a few, we've got cookies, session storage, local storage, IndexedDB, the Cache API, Web SQL...
We need a regulation which would cover all methods of client-side storage. Otherwise, developers of invasive technologies are just going to jump to another storage method to bypass the regulation.
Re: Are we barking up the wrong tree? (Score:2)
It's not even storing data in the browser that's the problem. They also equally need consent for server side processing, regardless of how it ended up in the server.
Re: Are we barking up the wrong tree? (Score:1)
GDPR covers all methods of collecting and sorting data, including paper forms in filing cabinets.
You might be confusing it with the cookie laws that came in prior to GDPR.
Better yet (Score:2)
How about changing the law so they can't put you in prison for life if you forgot an encryption password and they don't beleive you?
The web is close to unusable in Europe (Score:2)
I travel in Europe occasionally, and the web is close to unusable there.
Every freaking site puts a pop-up in your face demanding that you answer its questions three...
Re: (Score:2)
I wonder if a web browser that enabled people to answer these popup questions with things that get stored in one big shared cookie per site -- then when the browser loaded the site, it knew how to fetch the 3 question answers to bypass the garbage... Honestly, if a Chrome plugin _worked_ to block those popups, then I'd use that. Something like AdBlock Plus does a decent job.
Re: (Score:2)
I travel in Europe occasionally, and the web is close to unusable there.
Every freaking site puts a pop-up in your face demanding that you answer its questions three...
Oh noes you need to click a button. "Unusable" I guess doesn't have the same definition in American English as what the queen intended right?
Re: (Score:2)
I travel in Europe occasionally, and the web is close to unusable there. Every freaking site puts a pop-up in your face demanding that you answer its questions three...
Well I live in Europe. I block cookies (and Javascript) on most web sites by default. I couldn't tell you when I last saw one of these pop-ups (or any other kind of pop-up for that matter), and the usability of the web is just fine.