by Guest0918231 2168 days ago
I agree with the browser implementation. Automatically blocking the cookies will likely not work because sites frequently combine tracking and required cookies.

1. When the user starts the browser for the first time, ask if they want to allow tracking cookies on all websites.

2. When the user visits a website, pass that tracking answer as true or false. Firefox and Chrome have buttons beside the URL already for 'Site Settings'. Allow users to override their global tracking setting with a per-site setting there.

This would be infinitely better than the mess we have now, where every website gives us a pop-up with an intentionally confusing interface. Why can't I say 'No' to tracking once? Why do I need to do it countless times a day, each time navigating a new and confusing interface?

1 comments

> When the user starts the browser for the first time, ask if they want to allow tracking cookies on all websites.

Would it be legal/ethical to allow automated pre-commitment to all terms and conditions that nefarious sites may choose to scatter around their pages, many of which won't have been written until after the user had ticked this "agree to everything" box?

> every website gives us a pop-up with an intentionally confusing interface

Any site doing this is breaking the law. Report them please.

> Why can't I say 'No' to tracking once?

Because sites which track you don't want it. After all, they're the ones who invented "cookie banners"; and they could choose to get rid of them by just, you know, not tracking people. Yet they don't.

> Any site doing this is breaking the law. Report them please.

To who? What do I say? The issue with GDPR is that it's for all intents and purposes unpoliced and unpoliceable unless you happen to have sway with a local regulatory body.

I live in the UK, and ICO are toothless. I've filed multiple complaints - inability to opt out, misuse of PII for advertising purposes, and each time have received a cookie cutter response telling me to report it to the company and respond to ICO if it's not to my satisfaction. That was the last I heard of every complaint, despite me following up.

It's a shame; but good on you for trying anyway. It's similar to how I treat my vote: not much use on the grand scale of an election; but I need to use it, to avoid undermining any political complaints I have. It's the entry fee to get in the door. What can we do once inside? I'm not sure.

Thanks. I really felt deflated on the second complaint. Amazon sent a voucher for a video game from order-update@amazon.co.uk, which was clearly a marketing ploy. I contacted Amazon, they said "oh we're sorry you feel that we misused your email", and I contacted ICO, got the cookie cutter response, replied with details, transcripts from Amazon, and never heard back.

> Would it be legal/ethical to allow automated pre-commitment to all terms and conditions that nefarious sites may choose to scatter around their pages, many of which won't have been written until after the user had ticked this "agree to everything" box?

Isn't everyone 'agreeing to everything' outside of the GDPR when they visit sites now, without the option of saying 'no'? Isn't everyone covered by GDPR being tricked into 'agreeing to everything' at the moment? Giving users the ability to disable the tracking aspect across all sites with one simple setting seems like a plus here.

> Any site doing this is breaking the law. Report them please.

Has any action been taken against a site for making their opt-out option more complicated than their opt-in option? Why try to regulate how millions of sites prompt users for consent instead of a few browsers?

> Because sites which track you don't want it. After all, they're the ones who invented "cookie banners"; and they could choose to get rid of them by just, you know, not tracking people. Yet they don't.

They didn't invent cookie banners, they added them because they were required by law. The same law could remove cookie banners and require the sites to respect a browser cookie.

> Isn't everyone 'agreeing to everything' outside of the GDPR when they visit sites now, without the option of saying 'no'?

If there's no option to refuse consent, then it's not compliant with GDPR. In countries which implement GDPR (mostly EU countries, but I'm in the UK and our law implements GDPR but we're no longer an EU member) those sites are breaking the law (that country's implementation of GDPR).

If you're talking about those in countries which don't implement GDPR (or equivalent), then yes; those people are generally not protected by EU law.

> Giving users the ability to disable the tracking aspect across all sites with one simple setting seems like a plus here.

I agree. Again, good luck getting surveillance companies to pay any attention, or prevent them implementing technically-legal workarounds: "Just a moment! We see you've opted out of our advanced partner network. You may be missing out on the latest tailored brand recommendations! Click here to opt back in."

> Has any action been taken against a site for making their opt-out option more complicated than their opt-in option?

Not as far as I'm aware (and I can't see any on https://www.enforcementtracker.com).

> Why try to regulate how millions of sites prompt users for consent instead of a few browsers?

1) Browsers aren't surveillance companies (OK, not all browsers are; e.g. I'm pretty sure lynx isn't meant to be spying on me).

2) GDPR is bigger than any particular technology. It seems reasonable to make some regulation like "The public considers your business model to be exploitative; from now on this requires explicit consent." It seems less reasonable to make a regulation like "The technology/product/process/service you provide could potentially be used by others in these specific ways that the public does not favour; you must provide this specific mechanism/option/etc. in case it does get used for that purpose". It's not necessarily a bad idea, but it would be a pretty big ask. Even looking at the current situation, how would this handle apps? What about tracking pixels? What about scanning nearby WiFi network IDs? What about research or hobbyist operating systems? etc.

> They didn't invent cookie banners, they added them because they were required by law.

The intent of the law was to reduce the prevalence of surveillance-based business models. They've always had the option to stop. That would be the preferred option, for those who wrote GDPR, for members of the public who don't want to be tracked, for members of the public annoyed by popups, etc. They chose banners and, to a lesser extent, to gaslight the victims of their surveillance into thinking that GDPR required all these sites to break their own UX.

> The same law could remove cookie banners and require the sites to respect a browser cookie.

Again, it would be nice, but I imagine there would be an industry established overnight to provide opt-back-in banners, under whatever guise they can get away with.