[thaumasiotes]

> I've long suspected that these sites default to dropping cookies when my consent is neither asked for nor received, as MS appears to have done here.

> It's good to hear that such behavior is probably illegal in the EU.

Huh? What's the problem supposed to be?

[esperent]

It's in violation of various EU privacy laws like GDPR and the ePrivacy Directive.

They get discussed a lot here on HN so it's easy to assume everyone's familiar with them, but if you're not then you should search up a summary on them.

[thaumasiotes]

Defaulting to no cookies is a violation of privacy laws? How?

[ajdude]

I read the comment "dropping cookies" Not as "defaulting to none" But rather "adding them , drop as in airdropping or dropping a payload.

That's how I read it at least, which would mean they're defaulting to cookies when no consent is reached, but I could be wrong.

[thaumasiotes]

That would conflict with normal cookie terminology, where cookies are "set" and packets are "dropped".

But much more importantly, it is completely impossible in the context of the thread:

> [Accusation 3.] On their cookie banner, rejecting took two clicks while accepting took one.

> On 3, Microsoft argued that (a) rejecting was not actually required to be as easy as accepting and that (b) since the default was no cookies and it took a click to get cookies that rejecting was easier than accepting. The CNIL disagreed on both.

[jefftk]

"Dropping cookies" is one of those fun phrases that is commonly used to mean two opposite things.

[thaumasiotes]

But it can only mean one thing here, because it is labeled as the thing Microsoft was doing, and we know what Microsoft was doing.