by brookst 1055 days ago
So you’re a company with a web property. Your lawyers tell you you have two options:

1. Ensure that you’re perfectly abiding by all “legit purposes” and be prepared to update your policies and software each time those change, at the risk of huge fines. Or,

2. Just put an annoying banner up and have no risk.

Which do you do?

Government created this problem. Yes, it was in response to bad behavior from industry, but that doesn’t absolve the bureaucrats from responsibility for the results of their “solution”. If someone lights your kitchen on fire and the fire department’s response is to burn down the entire house, there is plenty of blame to go around.

5 comments

If these are the two options your lawyers give you, fire them, because they are lazy shit bags.

All you need to do is not store cookies. That's it. It's not difficult at all. If you do want to cover your ass and use a consent dialog, there's a million options that are non-disruptive to your users and allow them to one click opt out.

That's not how this works though.

The banners usually don't provide you with an all-or-nothing approach. Choice is usually between reject everything *except essential*, accept everything, or something in between.

That means the analysis for point 1 has been made. They know exactly which cookies need consent.

This is nonsense. You can't just put any kind of cookie banner up and magically be in compliance. You'd still have to explain what kind of data is being shared with which parties and why. And you have to update your privacy policy to keep it accurate in any case!

In fact, many of the websites that have these obnoxious cookie banners are NOT in compliance because they don't offer a simple and unambiguous opt-out option.

These cookie banners and cookie popups are intentionally made to be maximally annoying. That's not good faith behavior by companies. That's malicious and an attempt to get consumers to blame regulators for breaking their browsing experience. The worst thing is that some people totally fall for it!

2 doesn't work since you actually have to list what you use the data for and keep that list up to date. You think large companies like Google didn't already try that?

> Which do you do?

Given that 2 goes out of its way to violate the law and make your users miserable, I would suggest 1. But that is just the opinion of a non-lawyer.

Cookie law is how many years old? 10? 15?

For how many years can they pretend to be dumb and act like they don't know?

They just want to do shady stuff with the data, that's it.