The law says that agreeing or disagreeing should be equally easy. Companies are breaking that law.

I don't want to agree or disagree at all. I want my internet back pre-banners where I just get the content. The new internet is awful.

Personally I like the banners because they are an active reminder that that website is explicitly harvesting personal information.

Personally, I rarely come across a site that makes it harder to agree than disagree. I find both paths equally annoying.

We must not use the same internet. Agree is always one click for me, and there is generally no disagree button, but a "manage your privacy settings" button, that opens the biggest popups ever, slow as hell, when then even work,with thousand of button to click.

Examples are plentiful.

https://twitter.com/cookieshame

One interesting thing is that loads of sites use OneTrust to implement illegal banners. However OneTrust has a compliant banner on their own site.

So they can do it, but most sites deliberately configure it illegally.

It’s hard to know what a law says that requires you to read 11 chapters with 99 sections just to create a website.

https://gdpr-info.eu/

completely false, it's trivially possible to create a website without needing to involve GDPR at all.

Don't collect any information you don't actually have to, and if you do hold personal information, treat it basically like you'd want your own information treated, and you're basically good. It's really that simple.

The only people who think it's particularly hard or onerous are the people referenced by "It is difficult to get a man to understand something when his salary depends on his not understanding it."

I don’t deal with the clusterf%%% of modern front end development. I’m just tired of seeing cookie banners everywhere.

Did the law in anyway make my life better?

Obnoxious banners are not required under GDPR. In fact, unless denying consent is as easy as granting it, they're illegal.

It's not the law's fault that companies would rather implement such detrimental UX than either give up the teat of personal data or give people their rights.

It is, however, the fault of regulators for not stamping down on such behaviour when it is against both the letter and spirit of the law.

And, honestly, I consider the fact that so many websites are forced to admit that they are trying to take and sell my data to be positive.

The great "mistake" of GDPR is that it has consent provisions at all.

After previous cookie banners, they really should've known better. (Or, let's be real, absolutely did know, but left it in for corporate interests anyway.)

How do you know what is needed for that without reading the GDPR?

if you don't collect personal data or analytics, you aren't covered by GDPR at all.

in the abstract sense of course everyone has to know all the laws of society - the law in its majestic equality forbids unsafe construction practices from builders and greengrocers alike - but that's not a particularly interesting or insightful observation.

Or, blame companies for throwing passive-aggressive shitfits that aim to mislead people. GDPR doesn't mean you have to have an intrusive confusing mess of a cookie banner, for example.

In fact, a confusing banner that makes you play a minigame to get the respect for your personal information that you have a legal right to (in the EU) is explicitly disallowed.

And if you don't want any banners, then don't collect any information you don't have to. If it's actually technically needed, you don't need consent. For example, Wikipedia has lots of cookies for things like UI elements and they don't need a banner.

> In fact, a confusing banner that makes you play a minigame to get the respect for your personal information that you have a legal right to (in the EU) is explicitly disallowed.

It is. So are the ones defaulting to "yes". And the ones where there is just a popup telling the user to install some blocker in their browser without giving them a choice (like https://npr.org ). Or telling them to take a subscription if they don't want to be tracked.

All these things are illegal but unfortunately they are not enforced.

That’s not really comforting to me as an end user forced to deal with punch the monkey cookie banners everywhere.

Indeed, having it repeatedly demonstrated that companies are willing to unapologetically break laws to attempt to trick me into permitting them to scrape up my personal data is not very comforting.

So maybe the government shouldn’t pass a law that it can’t or won’t enforce? See also “The War on $x” or “because terrorism”, “think of the children”.

CNIL, the French regulator, did just (last month) fine Google and Facebook 150 and 60 million euros, so there is some level of enforcement, but I agree it's not enough.

There are some big ones here: https://www.tessian.com/blog/biggest-gdpr-fines-2020. Ironically, that site also has a cookie banner that attempts to trick you into thinking that the highlighted button will save the default preferences shown (it won't, it'll turn them all in, then save that). This is illegal too.

The problem is that GDPR didn't go far enough.

They should have added a provision that if the user has Do Not Track turned on, the site may not present a cookie barrier and may not serve any cookies except essential ones. I know many browsers have removed DNT but they sure would bring it back in a heartbeat if it actually did anything.

This is what you get when corporate lobbying gets as big as it is in Brussels :(

Enforcing the rules for handful of "normal" websites that have illegal cookie banners would cause all the others to magically discover that it's actually not very hard to have to buttons next to each other with the same colour.

Brussels might have a corporate lobby problem, but they did create the regulations in the first place, so they're already ahead of a lot of national governments (which run the regulators).

So now you want the government making laws about how to design your website?