[Sebb767]

This is mostly malicious compliance - the law does not require these annoying popups, but the websites want them to a) make you dislike the law that prevents them from freely collecting your data and b) wearing you down, so you just accept instead of making the effort to go and deny the data collection. Also, at this point it's probably also a lot of cargo culting.

[kayodelycaon]

It's mostly ignorance now. Most people don't know the law and don't know how to comply with it. If the popup method hasn't been invalidated by a court, why spend more on time, energy, and risk doing something different?

[bee_rider]

Is there really much risk in just not tracking by default?

I think ignorance is part of it, but also, they don’t actually want to do what users want them do to, which is just not track unless the user goes looking for options that actually require tracking at a technical level.

[kayodelycaon]

> Is there really much risk in just not tracking by default?

Let’s see… I can’t even stop Marketing from breaking our site with Google Tag Manager.

A significant portion of our sales come from the ability to track users and email them useful product recommendations.

We do not sell customer data and try to avoid vendors who do. It’s only used internally.

[burnished]

Absolutely not. The people implementing know, and the people designing know. This represents intentionality.