Even if they were such a thing as a cookie banner law, and there is none, companies in the USA would not have to comply in their country.
It would be only for Europe.
This is a pretty naive take.
If you operate in Europe, you must comply with GDPR. To selectively show a cookie banner, you have to be able to identify the (location of) the user.
It is totally reasonable for a company to operate in Europe but not wish to implement a full identity or location detection system. And so they just show the opt-in prompt to everyone.
And you can’t just implement that by using the browser’s location API, because European users can totally choose to not share their location with you using that API. But you still need to comply for those users.
There has been for years a proposal for a standard, designed in 2009 (!), still available in all the popular web browsers (except safari) that can make for a seamless experience: the DNT header.
The diversion about the DNT header is irrelevant.
Firstly, it is not codified in law that the DNT header is canonical. What if a user forgets to check the box? What should the default be? What kind of UX should be presented to users? This stuff needs to be spelled out in law for DNT to be a valid way to express opt-in.
Secondly, it’s not a robust per-site permission. Browsers only let you set it globally.
Thirdly, it’s actually bad for privacy. By making your headers different from the majority, you are easier to fingerprint. This is why Safari does not implement it.
Be mad at companies
I get the spirit of the article.
But the GDPR has pushed the problem of consent to the users, and they haven’t done anything to make this easy or convenient. Therefore cookie banners are inevitable. Like, you can’t blame companies for acting in their own self interest; that is entirely counter productive.
The EU needs to solve this.
First, go after the data brokerage industry so that it is no longer profitable to sell user data.
Second, regulate how websites can seek permission. Ideally by specifying a consent API and requiring browsers to implement a sane UX.
It will be much more productive to try to solve this with the handful of Browser vendors than trying to regulate each and every consent banner.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@lemmy.world
This is a most excellent place for technology news and articles.
This is a pretty naive take.
If you operate in Europe, you must comply with GDPR. To selectively show a cookie banner, you have to be able to identify the (location of) the user.
It is totally reasonable for a company to operate in Europe but not wish to implement a full identity or location detection system. And so they just show the opt-in prompt to everyone.
And you can’t just implement that by using the browser’s location API, because European users can totally choose to not share their location with you using that API. But you still need to comply for those users.
The diversion about the DNT header is irrelevant.
Firstly, it is not codified in law that the DNT header is canonical. What if a user forgets to check the box? What should the default be? What kind of UX should be presented to users? This stuff needs to be spelled out in law for DNT to be a valid way to express opt-in.
Secondly, it’s not a robust per-site permission. Browsers only let you set it globally.
Thirdly, it’s actually bad for privacy. By making your headers different from the majority, you are easier to fingerprint. This is why Safari does not implement it.
I get the spirit of the article.
But the GDPR has pushed the problem of consent to the users, and they haven’t done anything to make this easy or convenient. Therefore cookie banners are inevitable. Like, you can’t blame companies for acting in their own self interest; that is entirely counter productive.
The EU needs to solve this.
First, go after the data brokerage industry so that it is no longer profitable to sell user data.
Second, regulate how websites can seek permission. Ideally by specifying a consent API and requiring browsers to implement a sane UX.
It will be much more productive to try to solve this with the handful of Browser vendors than trying to regulate each and every consent banner.
Does the law not specify that accepting and rejecting should be just as easy? And companies simply ignore that.
If I can just hit a reject all button it would be fine, a plugin can do that too.