[Kbelicius]

> If you can't enforce the law, then it is a bad law.

It isn't that this can't be enforced, it just lagged because of the size and changes that this law brought.

> Also, this is a problem that naturally solves itself over time, so no law was ever needed.

How does it solve itself?

> The UX of the web degraded for everyone after GDPR was passed and that I think everyone can agree on.

Due to website operators doing illegal things.

> If people care about privacy, then over time they will migrate to companies and services that respect their privacy.

Why would people care about something they don't know about?

[ahnick]

> It isn't that this can't be enforced, it just lagged because of the size and changes that this law brought.

How long have these laws been out and we are still dealing with these issues. They seem to have gotten worse, not better.

> How does it solve itself?

People build services that don't track others and people pay for those services. It's pretty simple.

> Due to website operators doing illegal things.

If it was so illegal it would be stopped, but apparently businesses are indeed complying with the law.

> Why would people care about something they don't know about?

It's well known that cookies track you across sites and some people choose not to use those sites. The sites are required to disclose this information, so users are definitely aware.

[Kbelicius]

> How long have these laws been out and we are still dealing with these issues. They seem to have gotten worse, not better.

No, they have gotten better. Earlier reject all was barely seen on the internet. Now it is on the majority of places or at least in much more places. How is that getting worse? Can you please explain how it has gotten worse or why you think it has gotten worse?

> People build services that don't track others and people pay for those services. It's pretty simple.

How would an average individual know that a service is tracking them if the service doesn't need their consent for it?

> If it was so illegal it would be stopped, but apparently businesses are indeed complying with the law.

GDPR art. 7.3:

"The data subject shall have the right to withdraw his or her consent at any time. 2The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. 3Prior to giving consent, the data subject shall be informed thereof. 4It shall be as easy to withdraw as to give consent."

So the law states that it must be as easy to reject cookies as to accept. That means that it is illegal to hide reject all.

In the parent post of this thread there is even a link about a court case:

https://www.techspot.com/news/108043-german-court-takes-stan...

So has your opinion with this information changed on who is to blame for the bad UX? If not, why not?

> It's well known that cookies track you across sites and some people choose not to use those sites. The sites are required to disclose this information, so users are definitely aware.

Maybe now, because of GDPR forcing site operators for asking consent to being tracked. But you said that it would happen organically without GDPR. I'm confused, even you, in the last sentence say that sites are required to disclose information but that is because of GDPR. It isn't the market somehow reaching that point organically. So which is it because you seem to agree that GDPR is needed but at the same time you are saying that it isn't needed and the market would sort it out. I'm really confused now.

[ahnick]

There were laws requiring disclosure before GDPR and there were already tools to disable or prevent trackers built into browsers or adding on with plugins. (organic market developments) You also had alternatives to services that used the lack of tracking as a reason to choose a particular service offering over another. GDPR ended up just making these disclosures more in your face. Text like "It shall be as easy to withdraw as to give consent" is so vague as to be useless, which is why there are so many disagreeing opinions are whether companies with their current implementations are complying or not. GDPR is a bad law and in general the EU hasn't learned it doesn't get to enforce its laws in countries outside of its jurisdiction.