Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Do I like these consent banners? Most of them not. Neither as consumer, nor as the one implementing them.

Then why would you implement them (assuming your company is not rotten), if not for compliance with regulation that failed to find the sweet spot?



Not OP, but the sweet spot is there: For anything under your control, that does not collect personal information, or shares data with third parties, you don't need any consent at all.

But you might find it easier (or whatever) to integrate Google Analytics than set up your own Matomo instance, so you'll have to ask the users if they want their data shared with Google.

It's not as complicated as most companies want to portray it.

edit: I had our company website at this point. Locally hosted fonts, no external tracking, own Matomo instance, everything was great and I could finally remove the cookie banner. Then marketing came around the corner, wanted to run paid ads on LinkedIn and Xing, also it was "sooooo comfortable" to link Google Analytics with Google Ads and see how your campaigns perform. Now there are more external scripts than ever, we have Cookiebot (let's see for how much longer :-D) and a cookie banner with the usual settings and lawyer copy on it. I hate it.


We implemented a banner on a website that is using our own Matomo instance, but on a different domain, because some other customer projects use the same Matomo instance. We weren't sure if that counts as owned by a third party, so it was decided to implement the banner. Better be safe than sorry.

I don't think that it is always trivially obvious how to correctly comply, like some other comments claim. Especially when you really want to eliminate all legal risk and avoid Abmahnfallen.


> We weren't sure if that counts as owned by a third party

IANAL, but if the people/company running it is the same entity I think you should be fine. Browers on the other hand will only look at the domains and think it's somebody else... So... Yes, better safe than sorry.


> Then why would you implement them (assuming your company is not rotten), if not for compliance with regulation that failed to find the sweet spot?

Because they are the path of least resistance. Companies don't want to spend any time figuring out how to actually be compliant, so they slap these cookie banners on, most of which aren't compliant.

Also they're not "cookie banners". You don't need to show a banner to set cookie that your site needs to function (such as login, etc.).

They're "we're doing stuff you didn't ask us to and sharing your data with over 300 other companies" - banners.


For example I have a Matomo instance running on my own server. I need to ask for consent (and since this month would even need to ask for consent, if I were doing the cookie less thing). Maybe I am just a little bit vain, because I like to see the days I have one to three visits on my blog.

I use klaro.js as a consent tool. No need for a CDN.

I configured it such that on the first screen you can opt in, opt out or choose to choose.

I hate the ones (them being not in line with the regulations btw) that force you to go to the second screen for saying "no".

It needs to be as easy as one click for yes or no.


> I hate the ones (them being not in line with the regulations btw) that force you to go to the second screen for saying "no".

Absolutely. At the very least it should be legally required that "Reject all" is at least as easy and prominent as "Accept All" if we already started to legally require clicks for consent.


This is actually legally required. At least the easy part. Not the prominent part. But a 6pt link compared to a big button wouldn't fly legally.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: