Hacker News new | ask | show | jobs
by layer8 1206 days ago
> Why couldn't that have happened in the browser though?

That would require more regulation, by regulating both browsers and websites, and their technical protocol. Instead the EU tried to minimize regulation by not prescribing the exact technical means by which websites would need to obtain consent for tracking from users.
1 comments
luckylion 1206 days ago
Why would cookie-handling in the browser require websites to be regulated? They can set cookies, your browser reads the request and then decides to store them or not to store them, or to only store them for some amount of time, based on your preferences.

Browsers could already do most of it, and there are far fewer browser manufacturers than website owners, and they have far more resources than the average website owner, and, at least for some of them (all of them except Chrome), the incentives would be aligned. Right now it's "protect the user (and earn less money)", and the results are unsurprising.

link
layer8 1206 days ago
The browser can’t distinguish between legitimate “necessary” cookies that don’t require consent and those that do. Hence there would need to be a technical specification of how websites mark cookies that do (or don’t) require consent. Even more importantly, for cookies that do require consent, the user has to be informed about their respective purpose, so that they can make an informed decision about whether they want to accept or reject the cookie. So there would need to be some standardized way for the website to give that information for each cookie, if the browser is to handle acceptance on behalf of the user.

Lastly, cookies aren’t the only way of tracking. Websites can also use local storage, or fingerprinting, and so on, each of which can equally require consent. If the browser consent mechanism is restricted to cookies, websites would have to be mandated to always use a cookie to ask for consent, even when they actually use other means for tracking, and websites would have to explicitly check whether the cookie is stored or not in order to control any other tracking.

link