[sbagel]

the cookie debacle really illustrated how toothless and futile current regulatory attemps are, the industry simply side-stepped the intent of the legislation and that was the end of it. It seems the cookie notices are annoying by design to guide public opinion against future regulatory attempts. "See what they made us do? Don't regulations stink?!"

[dTal]

>It seems the cookie notices are annoying by design to guide public opinion against future regulatory attempts. "See what they made us do? Don't regulations stink?!"

I get that impression also, and doubly so for the FUD-packed GDPR messages. "Oh sorry, we can't legally serve this webpage to you, EU resident, because of the atrocious GDPR! (because it's full of spyware which the GDPR forbids but we won't say that part out loud)"

For what it's worth, I do think the GDPR messages are raising awareness in a way the cookie warnings were not, in part because some websites use dark patterns to get you to "agree" and others do not, and people are starting to smell the bullshit. If nothing else, the laundry list of trackers the websites are required to tell you about is a real eye-opener to the layperson who doesn't run uMatrix.

[varispeed]

If think the regulation wasn't a point of this work, but the main reason this was worked on in my opinion, was to fleece the tax payer. Imagine how many dinners, conferences, experts, lawyers, contractors, researchers had to be paid over the years. They eventually had to come up with something and that's the half bottomed result. If it doesn't work? Well, everyone already got paid and probably now work on something completely different. If there is too much noise about this, they'll have a reason to fleece the tax payer again and go through years of "fixing" the legislation. This is when you have unaccountable organisation (EC) without any bodies that would and could investigate corruptions and scams like these.

[MereInterest]

That and an attempt by companies to continue a business model that is expressly illegal under the GDPR. If a company relies on user-tracking with assumed consent, being required to get affirmative and freely given consent tanks their income. And that's perfectly okay and reasonable for laws to do. Business models are not a right.

But, those companies then have a choice. Option A: Accept that their business model relied on widespread stalking of their users which was never acceptable and is now illegal, and significantly change the business. Option B: Pretend they didn't notice, throw up a pop-up ignore the "freely given" requirement for consent, and hope nobody calls them out on it.

Option B is a lot easier for scummy companies to do, and the prevalence of opt-out banners with assumed consent and dark patterns shows how many companies went that route.