DNT is too simple; there should be a new, better standard integrated in web browsers. The never-ending popups with absolutely 0 constancy across sites are atrocious. Moreover, if I rejected a cookie for a domain on site A, I will be prompted on site B if I want to reject it again.
For every domain that wants to create cookies, I should be prompted by the browser (like I allow camera access) if I authorize it to do so. We can even imagine that each domain would have cookie purpose information ('mydomain.com/cookies_policy') in JSON that the browser is able to present to the user (describing each cookie of the domain). Then the browser would be responsible for never creating cookies that I rejected.
The main advantage would be that in incognito mode I would not have to repeat myself 10 times a day.
If you want to see an example of a more granular policy that the browsers (well, Internet Explorer, but it was the majority browser at the time) implemented also being ignored, see P3P: https://en.wikipedia.org/wiki/P3P
Ultimately the only cookie users will willingly accept is the sessionid/rememberme. And the "remember me" checkbox is consent enough under the GDPR.
Behind all the legalese and marketing-speak, all the other purposes boil down to:
- We are too lazy to set up a Matomo, so we are giving Google your browsing pattern.
- FB is forcing us, so we can pay ever so slightly less for ads
- Google is offering to tell us your sex and age
- If we don't track you, we will show you a viagra ad.
- Through 4 intermediaries, we can pay this totally-objective-blog which sent you here.
I'd love to hear from someone with a complex cookie consent pop-up, but I'd bet there is about 80% "accept all" (because the users have been trained to do it), 19% "reject all", and no one is mixed.
So the do-not-track would have been accurate enough.
Main difference is that Do Not Track was an industry incentive, not a legal requirement like the GDPR is. They could have made it legally binding, but they chose not to.
Hrm fair point. I'm not sure DNT could have been repurposed to imply consent under much newer regulations, but you're generally right, this mechanism predated the EU regs and somehow was passed up.
"Somehow" is because there was nobody enforcing it, so nobody had any incentive to honor the request. A legislative approach is the only way to have an actual effect.
DNT was also intended to be an explicit opt-out. However, Internet Explorer enabled it by default for three years, giving the industry an excuse to question its validity and ignore it. Privacy-centric Microsoft or intentional sabotage?