@sir Still a move in the right direction

@brandon I dunno, it seems like a pretty headline to get good press for complying with a stupid law and not actually changing their behavior in meaningful ways

@sir @brandon If you comply in this manner actually the law isn't stupid. Otherwise it is.

@clacke @sir @brandon the law doesn't say you have to use a banner. It's a stupid misinterpretation of the law.

There is literally no nothing that talks about cookies. What they talk about is use of personally identifiable information (tracking cookies is one of those things).

The banner itself also is a not enough to get you out of abusing personally identifiable information. The site also should not track you by default (the banner should make it as easy to opt out as it is to opt in).

Based on their post, it seems as though Github is in compliance. Their previous banner was either unnecessary or not enough, depending on what their previous behaviour was.

Now all the of t his assumes the law is actually being enforced, which we haven't seen much of yet. There are some cases slowly making their way through the system, but I don't think expect to see anything in a while. The fact that nothing has happened yet is why people think that the cookie banner is enough to keep the theory illegal activities legit.

@loke @clacke @sir @brandon

It is “planned” to ban the bad patterns which I partly described in https://conf.tube/videos/watch/4102f53a-3f91-46c1-bb9b-fb954990f023

Asked many question in details to EU Commission regarding #DigitalMarketsAct …

@loke @clacke @sir @brandon
the cookie banner is a separate thing, from before GDPR

@wolf480pl @clacke @sir @brandon that's true, but GDPR is overriding that one, no? In any case as far as I recall even the old one didn't require banners in the way websites implement them

@loke @clacke @sir @brandon
IIRC it required informing the users about the use of third-party cookies.

And yeah, GDPR overrides that I think.

@wolf480pl @loke @clacke @sir

Yes, this is primarily about not using third-party cookies, not letting ads and analytics (specifically from GitHub) track you across websites

@loke @sir @brandon Right, I should have said the consequences of the law and how people have reacted to it, regardless of how it was intended or written.

@sir @brandon

Cookies are just a technicality, what GDPR regulates is personally identifiable information - be it a cookie, be it a device fingerprint. At the same time GDPR doesn't require explicit consent for essential data like you don't have to consent to your IP being stored in Nginx logs for a brief period of time or Django setting session cookie.