[ketzu]

> Ideally, we'd be able to control opt-outs at the browser level.

We tried it at the protocol level with do-not-track and it just gave them an additional bit of info to track.

But I agree: It would be awesome to have this as a browser option. Just send a list of all the optional things to my browser which responds with the accepted results.

> The second best thing would be a law to prevent consent popups from making it harder to opt-out than it is to opt-in

Isn't this what's written in the GDPR?

[MaxBarraclough]

> Isn't this what's written in the GDPR?

Yes. A pity it's almost never enforced. From [0]:

> Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent.

> Explicit consent requires a very clear and specific statement of consent.

> Make it easy for people to withdraw consent and tell them how.

[0] https://ico.org.uk/for-organisations/guide-to-data-protectio...

See also: https://ico.org.uk/for-organisations/guide-to-data-protectio...

[cdrx]

> Isn't this what's written in the GDPR?

I wish it was this explicit, but it isn't. EU member states have all interpreted the regulation differently.

Making it harder to opt out than in is explicitly prohibited in the UK and Germany. It is perfectly legal in Italy. In Spain, it is legal to bury the opt out buttons at the end of a 50 page cookie policy.

Full compliance, across the whole of the EU, is exceptionally difficult.