by janosdebugs 964 days ago
> Because WebSession is dedicated to session maintenance and nothing else, a client could theoretically reject all cookies on any supporting site, ideally skipping the jarring cookie banner experience.

This has nothing to do with cookies, the banner is required if the site is processing data that is not just technically necessary. In this case the site needs to ask the user for consent or at least inform them of processing due to legitimate interests.


Still lots of sites have cookie banners because the legal department demands them, even though they are not needed for the cookies they use.

Maybe they need better legal departments that can actually read and understand laws?

Nobody ever got fired for joining the cargo cult.

I wouldn’t be so sure. Joining the cargo cult doesn’t make you immune to the law.

https://noyb.eu/en/noyb-aims-end-cookie-banner-terror-and-is...

Very unlikely this will cause anybody to be fired. Will not probably even lead to company fines, nor the disappearance of the illegal dark patterns. E.g. a lot of sites used the IAB nag that was found illegal by the regulators. But IIUC only IAB had to pay a small fine and I'm quite sure nobody got fired for it because it was the "industry standard".

NOYB is fighting the good fight, and without it GDPR would be even more useless. But it's a losing battle, and NOYB itself is sort of admitting that. https://noyb.eu/en/statement-4-years-gdpr

GDPR is in theory a good law (although things like mandatory honoring of do-not-track headers should have been obviously included). But it's not being enforced almost at all probably due to regulatory agencies and EU being corrupt AF.

Having a lot of money, lobbyists and lawyers makes you immune to the law.

> Will not probably even lead to company fines, nor the disappearance of the illegal dark patterns.

NOYB’s intervention has led to fines and I’ve been seeing way more banners have a “Reject All” at the top level. I remember noticing that at the same time NOYB posted about it. Unfortunately I don’t remember any useful keyword to search their website and post the source.

Though I’m not disagreeing with you. I have no doubt the dark patterns will continue and these companies will be as vampiric as they can get away with.

My strategy is to use that as a useful signal: the more a company or website bends over backwards to try to get me to accept data collection, the more I know I can’t trust them and will simply leave.

> NOYB is fighting the good fight, and without it GDPR would be even more useless. But it's a losing battle, and NOYB itself is sort of admitting that. https://noyb.eu/en/statement-4-years-gdpr

I'm not sure how much of this is attributable to NOYB, but over the last year or two, there's been a significant uptick in the number of "Reject All" buttons showing up and I have a hard time believing companies are putting those there out of goodwill.

> GDPR is in theory a good law (although things like mandatory honoring of do-not-track headers should have been obviously included). But it's not being enforced almost at all probably due to regulatory agencies and EU being corrupt AF.

Agree with the missed opportunity of DNT headers being included in the law, but enforcing EU rules is always tricky. At the end of the day, it's 27 different countries, each with conflicting interests. With GDPR in particular, I believe one of the issues is that it's enforced in the country of incorporation, so another country can hold up the enforcement process if their data protection agency is slow, no matter whether due to corruption or incompetence.

I recall a friend of mine worked support for some SaaS meeting software (oncehub-like) and got an email from a non-technical user asking if the booking invite page is missing a cookie notice.

He had to explain that they re-engineered the page a while back to not collect any data besides what the person puts into the form (the page explains that collection, but inline) so they wouldn't need one. Don't know if it was an aesthetic choice or if they AB tested it.

I think it’s often the opposite, sites have cookie banners that are actually useless because they’re still not compliant.

Often if it’s a custom cookie banner it will only have an “accept” button (no way to reject!) and usually with vague language like “ok”

Even where they do have the right language and a way to reject cookies, sometimes the site sets cookies ahead of the user actually accepting them.

IANAL, but this would still be compliant if they use legitimate interest as a justification. In that case the user just needs to be informed and have the option to object via separate means.

Yeah, companies tend to be over-careful. They trust the legal department knows what they're talking about but in this case they don't, but the company decides to listen to them anyway. Especially if the legal department is a part of a US company, thinking they adhere to some EU regulation they can't seem to quite understand fully.

:shrug:

If they had asked a legal department whether a banner is needed for functional data storage (such as a cookie), they'd know it isn't demanded by them

And also because then users will automatically click “Accept All Cookies” as that’s the highlighted CTA. This reply is only mildly cynical.