[pieno]

But why ask for consent right away when someone just visits your website for the first time? Imagine that you walk into a shop and the owner starts harassing you right away, blocking your path and your view and nagging you whether you consent to them following you around the shop tracking what you’re looking at, what you touch, what you actually purchase, and then give the shop next door a call to tell them all about your visit so that they can all “improve your shopping experience by giving you personalised recommendations”. Pretty sure almost no one would keep shopping there. In fact, this is pretty clear from Apple’s new do not track option where Facebook said in their quarterly report that it’s really hurting then (contrary to their statements that all of their users already happily consented to tracking and that they’re actually doing their users a favour by tracking them).

What should really happen is that sites just stop asking for bullshit consent to being tracked. No one will consent to being tracked if given an actual, clear and explicit opt-in choice, if there’s absolutely no downside in refusing consent and no one is tricked into giving consent by dark patterns.

Websites should just abstain from processing personal data until the visitor does something that actually requires personal data (e.g. sign up, make a purchase, …). In those cases, most obvious processing of personal data can be done based on other grounds (performance of contract, legitimate purposes, …) so really there should not be any consent nag screens needed at all except for some very specific exceptional cases…

[xg15]

I think the elephant in the room is that tracking is the major business model that currently powers the web - and regulators (and citizens) have made clear they do not want this business model to continue.

It's really a power struggle between businesses and regulators in regards to tracking as a business - and overly complex cookie banners are the most visible sign of it.

[withinboredom]

> But why ask for consent right away when someone just visits your website for the first time? Imagine that you walk into a shop and the owner starts harassing you right away

You do implicitly give consent to "be tracked" when you walk into a shop. A savvy shop-keeper will look at the clothes (brand, style, etc.), hair, facial features, etc. and internally compare you to other's who have made purchases and either approach you or not.

The closest thing we have to that is our (pretty terrible, in the privacy kind of way) ad networks to tell us what kind of people visit our online shop. Without that information, it's hard to (nay, impossible) to guess what demographics come to our store and position the store to cater to the demographic that actually makes a purchase vs. those that don't. If I see a whole bunch of boomers coming to the site, but they don't convert, I can figure out why they're not making a purchase and do something about it, just like I could in a brick-and-mortar store.

I really don't like the amount of personal data gathered or the dark patterns surrounding them. But there's got to be a way to surface some kind of aggregate information without sacrificing privacy.

[jlokier]

They can do the tracking you've described. We all have a brain and will process at a personal level.

But they aren't allowed to make it systematic by, for example, writing a file of paper notes describing each person's recognizable characteristics to share among the staff, or doing the same with photos. Those records would be covered by the GDPR, which corrects an omission in previous laws that only covered electronic records.