by mytailorisrich 1575 days ago
The GDPR mandates explicit consent and websites really want your consent because they rely on those cookies. So we end up with those dark patterns pop-ups because of the usual law of incentives and self-interest.

As a consequence, IMHO the only way to get rid of those pop-ups is to change the GDPR to mandate a simpler format. But that's not straightforward when there are potentially cookies for different functions and each requires specific consent... We're touching a fundamental issue with wanting to regulate the way the GDPR does...

3 comments

It’s only required if you’re doing non-anonymized tracking, which websites don’t have to do at all and is completely unethical.
A few weeks back someone lost a case in Germany because they used Google Fonts, and forgot to tell people. After that, I say, why take the risk? I have more important things to think about.
Is this an indictment and is it fair to say GDPR is a poorly implemented regulation? I am a pro-privacy advocate but like those cancer warning labels in California, I always accept cookies and move on. Billions of people spend a few seconds every day clicking on these cookie banners. What would be the economic damage vs. privacy benefits? I appreciate what companies like Apple do with regards to privacy because it actually makes my life easier, not more difficult.

Another problem is the imprecise language of GDPR. "It's mostly not enforced for small businesses" doesn't cut it when it comes to adherence to law. Businesses need assurance, not ambiguity.

GDPR does not mandate those pop-ups; most of them are not compliant and only exist as a way to try to pretend to comply with the law.
I didn't say it’s a mandate. It’s a terrible side effect and a loophole.

The second part of my comment is about businesses going through GDPR checklists. I did one for my firm. It’s not too bad but if you read the entire GDPR booklet, there are varying levels of adherence to GDPR. Most small businesses check off things but the boots-on-the-ground effects are negligible. On the other hand, you could technically be liable for a lawsuit, but what I hear is that GDPR isn’t enforced for small businesses like mine. That’s troubling.

My fear is... I'm one of the "isn't often" exceptions. I don't use an electric skateboard, or jaywalk. I've been fined for both. If there is an edge case for a fine, they will fine me.
In general GDPR is enforced across the board. But there are so many websites and companies that there are no resources to check everyone if a breach is not brought to the attention of the relevant authority.
Is explicit consent mandated?

Between the GDPR and other cookie laws, explicit consent for each specific use is required, as far as I understand. If so, pop-ups are an unavoidable consequence because, again, websites don't really want to ask you; they want you to consent (obviously, since they rely on this).

> for each specific use

For non-essential uses.