I fail to understand why politicians thought the cookie dialogue was a good idea. Adds almost nothing to benefit user and huge annoyance from the UX perspective.
Politicians never thought the 'cookie dialogue was a good idea'. Politicians aimed to reduce the use of cookies for tracking without consent. That the industry responded by either ignoring the directive and/or by harassing their users to give that consent forcibly isn't on the politicians but on the owners/operators of those websites.
Lawmaking is like chess. Politcians and their lawyers should anticipate what bigcorp will do in response to new law and inject countermeasures before the law is introduced.
Cookie law was lame af from the beginning and did nothing but annoyed end-users.
The relevant governing bodies need to crack down on companies that are violating the rulings and ensure that it's understood this is a requirement for doing business.
If you've ever been in a position to write policy, you know the adage that if you design something to be idiot-proof, they'll just design a better idiot. Same rule applies for bad actors.
Laws don't try to predict everything, that's why the spirit of the law is just as important as the letter. What the law means to accomplish is just as important as what is actually written, and persons who violate the spirit of the law while not explicitly violating the letter should not get a free pass; this is not how law works, and it's why despite the hundreds of thousands of laws on the US books, there are still courts to interpret laws and make rulings on situations.
Corporations can kick and scream all they want while writhing through to meet the letter of the law, but that doesn't make them right, it just makes them desperate.
I can understand if it was a small subset of companies that made it difficult for the user.
I can show multiple government websites where the UX is broken. There is no profit motive there. But if you live in the EU, you probably have seen it already.
It is so worse that chrome has an add-on that has 800k downloads.
Cookie law wasn't lame. Regardless of what kind of law you crafted, the corporations that are used to skirting the law, especially in the US legal landscape, would try to dodge the law by any means possible. Ranging from having people 'consent' to the cookie through tos, or by making it difficult to reject. BOTH of which are prohibited by law. They were prohibited exactly to prevent skirting the law.
So basically every cookie prompt that makes you take more than one click to reject or says "You consent to this -> Yes" is in violation of the law and they will get fined if they are reported.
I've also seen a lot of other sneaky bypassing of the law.
For example the news site nu.nl now requires having a free account to read many specific articles. This is a smart move on their part because logging in requires maintaining a higher amount of user information across visits and thus it brings a lot of tracking into the "technically necessary" realm so they don't have to ask permission.
I disagree. If companies decide to take these laws in the worst possible way, far worse than any normal and sane person would anticipate the problem isn't with the law.
Take into consideration that these companies annoyed their users but blamed it on the politicians, which is pretty irrational behavior.
And here you are, still blaming the politicians. As a result the GDPR came into being which is far more strict, it too is being blamed as the reason why many companies have now decided to shut down service altogether as the easiest solution to comply, when obviously the alternative would be to simply stop tracking your users.
> If companies decide to take these laws in the worst possible way, far worse than any normal and sane person would anticipate the problem isn't with the law.
Are you saying that before the 2002 ePrivacy Directive came out most people who thought about this wouldn't have predicted that companies would put up cookie banners?
The cookie nagging kinda worked for a while because EU bureaucrats bad. But I believe their was a general shift in realizing Google et al. spy on you where it backfired in the long term.
Users were way more naive at the time of cookie banners being introduced. Internet were still not a real IRL thing.
I think if you confronted your average user with what these companies collect in data behind the scenes they would be astounded. I've seen a lot of this stuff professionally and it is quite amazing that any of this is legal at all. The profiles that these companies have on private individuals are at a level that the intelligence services likely can not match, either in quantity or in quality.
To Joe Doe's defense it took way to long for me to realize Google stalked me on the web. Embarrassingly long. "Internet people" told me but I thought they were crackpots.
> cookie dialogue (...) Adds almost nothing to benefit user and huge annoyance from the UX perspective.
It's misinterpretation of the letter of the law (there's no such thing as a cookie dialog/banner) and the spirit of the law (disabling tracking should be easy default choice, not the convoluted, hard choice).
Cookie banners are simply the most annoying and spiteful way to fulfill the EU regulations. You don’t need to block access to the website until you accepted tracking. If you don’t track you don’t need any thing at all.
Things that are technically necessary to facilitate functions requested by the user like shopping carts or login tokens are exempt under clause 22 of the ePrivacy directive.
Don't set any other cookies and you won't need to ask for consent.
Politicians aren't forcing websites to set more than the strictly necessary cookies, which require consent. It's marketing/advertising that does.
That's because the cookie dialogues as they are now were never part of the original GDPR and other privacy related bills/acts/whatever.
GDPR requires that consent is as easy to withdraw as it is to give. [0]
That companies have dragged their feet and gone kicking and screaming with cookie banners is irrelevant to the actual law; the EU needs to start cracking down more and more on this to show what it actually means, since it's quite clear that companies are not going to willingly comply with the data consent laws.
So don't blame the politicians on this one, they never gave any requirement for such banners, and in fact specifically mentioned that it must be simple to revoke/deny consent. Companies that didn't want to comply with GDPR and other privacy laws decided to make it as painful as possible for you and I and blame it on the privacy rules.