News: 0179521372

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Europe's Cookie Law Messed Up the Internet. Brussels Wants To Fix It. (politico.eu)

(Wednesday September 24, 2025 @11:30PM (msmash) from the hallelujah dept.)


In a bid to slash red tape, the European Commission wants to [1]eliminate one of its peskiest laws : a 2009 tech rule that plastered the online world with pop-ups requesting consent to cookies. From a report:

> It's the kind of simplification ordinary Europeans can get behind. European rulemakers in 2009 revised a law called the e-Privacy Directive to require websites to get consent from users before loading cookies on their devices, unless the cookies are "strictly necessary" to provide a service. Fast forward to 2025 and the internet is full of consent banners that users have long learned to click away without thinking twice.

>

> "Too much consent basically kills consent. People are used to giving consent for everything, so they might stop reading things in as much detail, and if consent is the default for everything, it's no longer perceived in the same way by users," said Peter Craddock, data lawyer with Keller and Heckman. Cookie technology is now a focal point of the EU executive's plans to simplify technology regulation. Officials want to present an "omnibus" text in December, scrapping burdensome requirements on digital companies. On Monday, it held a meeting with the tech industry to discuss the handling of cookies and consent banners.



[1] https://www.politico.eu/article/europe-cookie-law-messed-up-the-internet-brussels-sets-out-to-fix-it/


Prop 65 (Score:4, Insightful)

by snikulin ( 889460 )

Can California address the Prop 65, too?

Third-party JS (Score:2)

by Valgrus Thunderaxe ( 8769977 )

This is far more insidious than cookies but doesn't require any consent. Why not?

I reject cookies every time it pops up (Score:3)

by caseih ( 160668 )

I guess I'm a weird one. I opt out of unnecessary cookies every time I see that popup. Not that I actually believe the honesty of the site, but I guess I'm just trying to send them a message. Of course I also run ublock origin and privacy badger to block those tracking cookies.

Re: (Score:2)

by Uldis Segliņš ( 4468089 )

To reject some of those popups you have to unclick 100 small checkboxes. That need to be opened each, scrolled like tens of meters down, takes some 5 minutes to do. Comes with text "lawful reasons" or similar, from the top of my head. Those are the worst. Can't adblock those by default for all incoming not yet visited sites, AFAIK.

Re: (Score:2)

by parityshrimp ( 6342140 )

Malicious compliance. A similar bad practice in the context of junk email is several different lists from the same entity, and you can only unsubscribe from each list when you receive that type of email.

Hopefully they update the law to deal with these kinds of bad practices.

Who created the consent banners? (Score:4, Insightful)

by OzJimbob ( 129746 )

Excellent framing here from the adware/private data collecting industry; the European law in no way mandates banners. The law mandates requiring consent for data collection, which is entirely reasonable. If you don't collect and transmit identifying/private data, you don't need to put a banner on your website. The whole banner thing has been malicious compliance from day one from the ad industry.

Re:Who created the consent banners? (Score:4, Informative)

by whatdoibelieve ( 1622097 )

Yes but IP address may be considered private data in regards to the law. Collect IP addresses and store them briefly to prevent brute force attacks? You need to get consent. Easiest way to do it, is usually a banner.

Re: (Score:2)

by pavon ( 30274 )

I've never seen a cookie banner ask for consent to collect and store my IP address. If that is their reason, they completely failed to obtain consent in a manner that meets the law.

The reason for the banners are simple - a court case ruled that cookies are covered by GDRP, but they haven't explicitly ruled on other tracking mechanisms. So ad companies pushed the minimum and most annoying method of conforming with that ruling without changing their practices, and continue to ignore the fact that all the othe

Re: (Score:1)

by jacks smirking reven ( 909048 )

> malicious compliance

That is a great way to describe it. Maybe in that send turnabout is fair play so make the banner popup say a very unfavorable view in very loud letters of what they are doing if they are in fact doing it, like cigarettes do.

"We WILL sell your data to unknown brokers who will use it track you and sell that data to anyone to create an online profile of any detail of your life we can buy and use that to both target and bombard you with ads. And there is likely chance this will be hacked and released online f

Isn't if You Click the Site, You Have Consented ? (Score:1)

by kasnol ( 210803 )

Anyone with common sense knows cookies should run on implicit consent — if I visit a site, I’ve already consented to it working. The EU law wasn’t comprehensive, it was clumsy. Real privacy rules should target data abuse, not train people to mindlessly smash ‘Accept All.’ Instead, we got years of absurd pop-up windows that block the content until you click the obvious. Oh Lord

Re: (Score:2)

by dbialac ( 320955 )

I've always mindlessly clicked "Necessary only". It takes almost zero effort and I'm quite surprised more people don't do it.

Repeat after me: there is no anonymity (Score:2)

by RightwingNutjob ( 1302813 )

Your ip address is literally tagged to every packet of data you send, including a simple get / request. There is no passive viewing a website the way there is passive viewing broadcast tv or radio.

That ip address is traceable to you by way of the entity that runs a wire to your house or provisions the sim to your phone so you can send those packets.

You can hop around connections, of course, but almost everyone (including you reading this) are too lazy to do so consistently.

No website has ever loaded cookies on device (Score:1)

by Anonymous Coward

> require websites to get consent from users before loading cookies on their devices

Then law should have had no effect, since in all of history, no website has ever "loaded a cookie" on a user's device.

The furthest a website has ever gone in that direction, is to send cookies to the user's browser along with the requested data.

It's the web browser which decides whether or not to store the offered cookie. (And it also decides if/when to send the cookie back.)

Reject (Score:1)

by wbpeckham ( 5891478 )

Instead of routinely ALLOWING those cookies I routinely REJECT all cookies not critical to functions that serve ME.

If they pass change this, we lose the ability to reject those cookies!

Unless we use something like TAILS I suppose....

___________________
( Linnnnnnnnnnnnnux )
-------------------
o , ,
o /( )`
o \ \___ / |
o /- _ `-/ '
o (/\/ \ \ /\
o / / | ` \
o O O ) / |
o `-^--'`< '
.--. (_.) _ ) /
|o_o | `.___/` /
|:_/ | `-----' /
//<- \ \----. __ / __ \
(| <- | )---|====O)))==) \) /====
/'\ <- _/`\---' `--' `.__,' \
\___)=(___/ | |
\ /
______( (_ / \______
,' ,-----' | \
`--{__________) \/