It took 18 years of pointless clicking for bureaucrats to finally notice that they chose the worst implementation possible of cookie control.

The EU’s escalating war on internet freedom and American tech companies is not about “protecting consumers” or “preserving democracy.” It is a textbook case of centralized power reasserting control over the greatest engine of voluntary exchange and uncoerced speech in human history: the open internet.

The EU’s flagship weapons: the Digital Services Act (DSA), Digital Markets Act (DMA), GDPR, and the emerging AI Act, function as modern mercantilism dressed in progressive

They screwed it up the first time, now they are doing it again. There are already http headers for do not track and it is a standard. Just force websites to respect that under threat of enormous penalties, that is all that is needed!

> Instead of having to click accept or reject on a cookie pop-up for every website you visit in Europe, the EU is preparing to enforce rules that will allow users to set their preferences for cookies at the browser level

This was already largely possible thanks to add-ons, which actually prevent the browser from ever sending cookies to that domain unless I explicitly authorize it. That's vastly preferable to the EU method of specifying which cookies I want to send and then hoping that the web site abides by that preference instead of just collecting everything due to a "bug that affected a small number of users".

The problem with the EU approach to cookie management is that every fucking web site throws up a banner that they collect cookies and then asks for your cookie preference. And the answer to that question is saved... in a cookie! So when you block all cookies to that domain using an add-on, you get that banner on every...fucking...page. This is an objectively worse experience than I had before and I don't even live in the fucking EU!

> cookie consent policies have been an annoying and unavoidable part of browsing the web

Just don't track your users can send the data to a gazillion other parties. (Or let shady companies like Google or Facebook do the tracking if your visitors for you.)

People can set their privacy preferences centrally -- for example via the browser

DNT was proposed in 2009, implemented by most browser within a couple iterations. Microsoft famously poisoned-pilled their implementation to kill it by making it the default, which gave advertisers an excuse to claim people didn't really mean to set it, and ignore it.

It always needed the force of law to work.

Note that I am fully confident that the fine professionals in the EC will find some way to make this stupidly intrusive and annoying as well as cost a crazy amount of money to implement. I believe in them.

I hope by "must" it means that browsers are going to enforce it.

Why do the websites have the authority in the first place to tell your browser what cookies to store? This is 100% on browsers to restrict what websites can do with cookies. Websites should be able to do anything they are allowed to do. Malicious websites are not going to respect any legal rules.

> "People can set their privacy preferences centrally -- for example via the browser -- and websites must respect them

And how exactly will that happen? Will preferences be set at the browser level for doubleclick, google, etc? Do we expect joe sixpack to understand how to do this?

I'm not sure this is any better.

Unless you need an exception to a web page's stateless protocol, no cookie is needed. Tracking you is likely not what the W3C had had in mind, when they created XHTML, XML, HTML. all from SGML. You have been falsely been taught to believe that tracking is necessary to load the simplest of webpages. Basically, unless it's something that you need to log in for, no cookie is likely needed. BTW, tracking is not advertising; to refuse to be tracked--does not mean that you are blocking ads.

Me love cookie!!! Om nom nom nom...

I am sure all of those non-EU website will respect the hell out the cookie policy. I imagine most major international companies' sites will. But outside of that, good luck with enforcement.

Whenever a government tries to force companies to do something they don't like, companies respond by doing it in the most cumbersome and awful way possible, hoping that the public will get so angry that they force a change in policy

The law never demanded cookie banners.

The law demanded you not to store personal data, except you need it to provide the service for the user.

This means your login cookie does not need consent, neither does storing the e-mail address at newsletter signup need a banner (because the sign up button agrees to the use of the address if it is only used for the newsletter).

Why are there the banners? Because they tricked you! The users clicks the banner, in the best case for the site owner with "accept all" and then the site owner argues "The user WANTED to be tracked".

The peak of this is the pay-or-okay pattern in which a website provides a pay option (often more an alibi option to be able to use pay-or-okay without relying on making money with the pay option) and full "consent" as alternative to paying. While the usual banner must provide opt-out options, the pay-or-okay banner doesn't have to. If you click "Agree to tracking to read for free" they claim you had the choice to get the same content without agreeing, as they are allowed to charge for the content.

Is the nightmare crumbling? No, the privacy is. The proposed changes will weaken the privacy law and allow to use data under certain circumstances without user consent. So you may indeed see fewer banners, but that only means that they are now allowed again to sell your data without asking.

Finally, will you see fewer banners? That's unlikely, because the tracking ad model is so technically and legally complicated and involving literally thousands of companies, as your visit decides which companies will show you ads without the site owner knowing before which ones will be chosen, that it would be a large legal risk for site owners not to keep using the banners they are using now.

The possible outcome: You see the same banners, but have fewer opt-out options and certain companies claim they have "legitimate interest" and similar reasons to get your data even if you never receive any benefit for it.

And there is already a technical opt-out, which is *ignored* by the tracking companies: [1]https://en.wikipedia.org/wiki/... [wikipedia.org]

Do you really think they will follow the new one? If it is legally binding, the new "consent" banner will read "Please instruct your browser to allow tracking", or they will try to have banners "Your browser disallows tracking, but as we provide valuable service you want to agree to *our* tracking nevertheless, don't you? Please click 'ignore my browser options and agree to all' to continue".

The only option to end tracking is to make it illegal to use the data. Let's say advertisers are forbidden to personalize ads. Every user needs to get the same ads (which are allowed to be tailored to the content shown). Then companies would stop paying for data and so would advertisers stop demanding site owners to collect data and they could remove the cookie banners, because cookies (and other tracking) would no longer be necessary for the advertisers to pay in full.

[1] https://en.wikipedia.org/wiki/Do_Not_Track

1. Disable all 3rd party cookies. Permanently.

2. Always allow strictly necessary cookies only.

That's it. That's the only setting we need.

f.ex. "I don't care bout cookies", like everybody else did after the 100th click.

The original idea of the legislation was that tracking should be forbidden.. Then some smart corporate lawyers said "but what if people want to be tracked?" - OK then but they have to give explicit consent... Fast forward and we have "consent or pay to opt out" and "by looking at this page you consent to us spying on you for whatever purpose we want and exploiting the resulting data in any way we please" - ok the second one is made up...