Please remember: functional cookies (login session, shopping carts) do not need user consent. So every time you see one of this oversized cookie banners someone is trying (often through dark patterns) to make you accept the whole tracking and spying as well. Don't be mad at the legislative for creating the need for tracking consent. Be mad at the websites that are trying to stir you up against that law by annoying you with those banners.
@daniel That would be neat for all not technical/functional cookies i agree. It would be better though for the internet to ditch all that spying bullshit and to selfhost their analytics.
@mzumquadrat IANAL, but from my knowledge, analytics that parse the logs, or are selfhosted on the same domain, don't need such popups either.
So even if your business requires some statistics and tracking, there are 'proper' ways to do that, without selling out your customers to an ad-network or dataminer. Which was another attempt by the legislation.
But fought against, by those datahoarders by making it annoying and looking unavoidable.
@berkes Yes, selfhosted analytics is also defined as functional/technical. But it is more lucrative to offload the tracking to a dataminer. :(
@mzumquadrat Thanks for clarifying.
I don't agree with the 'lucrative' part, though. The gains from not having a cookiewall can be large for certain businesses.
And hosting your inhouse plausible, matomo or such, can be acquired as SAAS. For mere dollars a month. Not everyone needs a matomo cluster.
Goaccess, stats built in your CMS, the reporting feature of your ecommerce, a free tier at a SAAS: cheap options enough.
This hackernews-featured article recently found and that reuters.com shares your data with up to 647 different companies if you "accept all" cookies http://www.conradakunga.com/blog/what-do-you-actually-agree-to-when-you-accept-all-cookies/
@berkes Lucrative is not always monetarily. It is also lucrative to offload analytics to a third party to shift responsibilities to the third party. So basically you have someone else to blame/ to use as scapegoat.
@mzumquadrat good point.
The middle-ground, where you pay matomo or plausible or such, for the hosting on your domain, would cover many of such cases, though.
AFAIK there is no legal requirement that says you have to do it all by yourselves. Then It's more a matter of buying from a privacy-friendly, technically sound, and potentially selfhostable provider.
@berkes You are right, there is no legal requirement. But a phrase i often heard regarding plausible, matomo is: Well i never heard of it. Why shouldn't we use google analytics? Everyone uses that.
@mzumquadrat ...an argument fortified in the great book 'crossing the chasm' on getting new tech into markets with established 'monopolies'.
Anyway, the simple answer, her, is: 'because it allows you to remove the cookie popup.'
Which should be compelling to many a marketing manager, analyst or business owner.
@berkes But then they have to explain to management why they aren't using the cool <hypetech> everyone around them is using. I totally agree with your argument though.
@felix afaik, they do (did?).
But also afaik: that would mean they are not allowed to read the data, then. Which is counter to their businessmodel.
@L29Ah and most of these sites don't even bother to tell you why this happens. And some sites just freeze bc they use those damn google recaptchas, which i do not even see (i block everything from google).
@poebbel Sure, GDPR (european data protection law) and the Directive 2009/136/EC (often called cookie law) state that functional cookies, which also includes selfhosted tracking one, have implicit consent from the visiting party. Every other cookie that is not strictly necessary for the website to function (in a technical sense) requires informed consent by the visiting party
@mzumquadrat thanks Marcel. Thanks also for mentioning dark patterns. Hadn't heard that term before.
> you must... receive users’ consent before you use any cookies except *strictly necessary cookies*
> Strictly necessary cookies: These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site [example: cart]
> Preferences cookies: Also known as “functionality cookies,” these cookies allow a website to remember choices you have made in the past. [example: language, region, auto-login]
@mzumquadrat I (re)searched that for my future reference. Legalese is hard and confusing :( and I feel like that page is the "dumbed down" version, and still I don't fully understand it. Are "login cookies" that keep you logged in and span sessions "functional", as opposed to always-login single-session "critical"? What even is a "session"? https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies has some more info, like "the browser defines when the 'current session' end". Thanks I guess :(
First of all: I see that i forgot a :) at the end of my message thanking you for linking the gdpr website. So again, thank you for linking that site. :) It made it a little bit easier to read about that whole topic (i basically tried to understand the official documents). And i agree: It is very hard to understand legalese terms. Login-Cookies are i think also okay under the GDPR and require no consent since it is very hard to abuse them for tracking purposes.
Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.