by warrenm 996 days ago
Personally ... I think the best option (if you have to have cookies (and there are plenty of reasons you may want/need them)) is to have a screen-wide, contrasting-color, short-top-to-bottom bar with a single OK or Accept button for dismissal

Do not give people options about cookies - either they accept (and dismiss the notice), or they leave

When I am presented with cookie options, I start to wonder why there are "unnecessary" cookies present: why are you letting me accept "necessary" cookies or "all" cookies? Why would you have ones that are not needed? Seems hyper sketch ... and I'll go elsewhere (or reject all)

3 comments

> Do not give people options about cookies - either they accept (and dismiss the notice), or they leave

That's outright and explicitly illegal.

(I just thought I'd make that point in a quicker and simpler way than the otherwise great sister post.)

It's not illegal at all

You're allowed to say, "we have cookies - you do not have to stay"

Per the GDPR, you are not allowed to condition access to the website on acceptance of tracking.

Yet lots of EU sites do it

As they should

> When I am presented with cookie options, I start to wonder why there are "unnecessary" cookies present: why are you letting me accept "necessary" cookies or "all" cookies? Why would you have ones that are not needed? Seems hyper sketch ... and I'll go elsewhere (or reject all)

Because some are required for the functioning of the site. They can justify dealing with those without you approving it.

Some are there for advertising, that's not required for you to use the site but they'd definitely like to. So they need you to actively consent.

I know why the others are there - but the fact that you have unnecessary cookies makes you look sketchy

If you're adding a cookie banner for legal reasons, that means you're covering against GDPR, which says that you're -not- allowed to refuse service based on someone not wanting cookies that are not necessary for providing the service (e.g. all the analytics/tracking crap).

You're obligated to give them a way to opt out while continuing to use your service, and it should be as easy to decline as it is to accept[0]. The funny part, of course, is that countless services have put up banners that don't make it easy at all to reject, which means they're still not compliant, they just make the legal team feel warm and fuzzy.

That's why you see necessary vs all, because it's "can we track you or not". If you're just doing absolutely required cookies (e.g. session cookie), you don't even need a banner.

[0]: https://gdpr-info.eu/issues/consent

Some of Germany's largest online newspapers, like Bild (https://www.bild.de/) demand either that you subscribe to their online paper or consent to all cookies. As far as I see there is no way to reject the cookies.

If that is true, why would any sane company/website stay based in the EU (if they want to use cookies)?

Unrelated to where you are based. Also there is no restriction on cookies as such, just on spying. So defaulting to spying seems much less sane now, agreed.

That's only because Schrems hasn't got round to suing them yet.