[imiric]

Cookie consent forms were a response to the "cookie law" passed in 2009[1].

If they're now illegal, that's on the EU for making them vague or not strict enough.

But my point is that fighting this with laws is:

- too slow, since by the time governments catch up that something should be done, a lot of harm has already been inflicted upon users. And by the time laws do come to pass, tech companies have grown in power and already have alternatives to keep growing. Governments are constantly playing catch up, which was a problem even with Big Tobacco/Pharma, but the speed of innovation of Big Tech is unparalleled.

- too ineffective, as breaking these laws is too slow/difficult to prosecute, and even when companies are fined, it's mostly symbolic to even matter. I.e. to them it's just the cost of doing business.

[1]: https://gdpr.eu/cookies/

[dmitriid]

> Cookie consent forms were a response to the "cookie law" passed in 2009

> were a response to the "cookie law" passed in 2009[1]

Your link clearly states: "Receive users’ consent before you use any cookies except strictly necessary cookies".

For everything else you need to ask for consent with "No"/"Reject" being clearly labeled and being the default option.

Yes, it's that easy.

> too slow, since by the time governments catch up that something should be done, a lot of harm has already been inflicted upon users.

So, what eactly is your proposal except "law is bad"? How do you propose law should work to minimize harm?

To be clear: I think that EU is too slow and too lenient when prosecuting things illegal under GDPR, and that they should pick up the pace. However, "omg this law makes the web bad" is in itself is a very bad take. Because it takes responsiility from those who are actually responsible for making the web bad. They are now exposed... but managed to persuade people that it's not their behaviour that is blatantly evil, but that "the law exposing them is bad".

[imiric]

I'm not saying "law is bad". I'm saying that the process of prohibiting a behavior after it happens is too slow and ineffective for Big Tech. As it was for many other industries before, but particularly now for Big Tech.

What needs to happen is for privacy-minded tech people to propose and lobby solutions to governments that make it impossible for companies to violate these rights in the first place, and then governments making it a law for this technology to be used by all companies. E.g. the DNT header could've been one such solution, but the fact it was never made part of a law is what led to it being abused for ironically tracking itself, and now abandoned altogether.

We're in this mess because governments fundamentally don't understand technology and how to police it. Either that, or they're willfully complacent with the status quo because it benefits them as much as the corporations.

[dmitriid]

> I'm saying that the process of prohibiting a behavior after it happens is too slow and ineffective for Big Tech

Do you realize that all laws happen after something happens? Even your proposed solution of tech people coming up with something would also happen after the fact?

> What needs to happen is for privacy-minded tech people to propose and lobby solutions to governments that make it impossible for companies to violate these rights in the first place

Ah yes, the magical technical solution that is impossible to violate.

Good thing that you mentioned DNT. Do you know that DNT ended up being used for browser fingerprinting and hence tracking?

Had DNT been codified into law, you'd be complaining on HN that the law is bad and governments don't understand technology.

> Either that, or they're willfully complacent with the status quo because it benefits them as much as the corporations.

wat. GDPR is literally aimed against the status quo. I wish it was more rigorously enforced, of course.

Also, it doesn't apply just to the web. It asserts right to privacy as a fundamental right.