The proposed ePrivacy Regulation[0] looked like it was set to introduce some very positive recommendations to curb the worst of advertising cookies and pop-up dialogs.
Article 10 of the draft regulation suggested moving consent settings into the browser so that you could specify whether you will accept various forms of cookies centrally and then have those settings apply to all sites.
A ruling[1] related to shady consent practices by a website called Planet49 seems to have shifted the regulatory window towards the idea that users have to definitively prove informed consent.
Meanwhile the latest draft[2] of the ePrivacy regulation has removed Article 10 and the mention of browser-based controls for cookies entirely and thus consent stays per-website.
I really wish the choice of privacy related to advertising was baked into the browser and enforced there. Given the above developments, it's the only route I can see that avoids pop-up fatigue for users. The number of pop-ups everyone has to deal with causes user experience friction and wastes everyone's time.
It'd seem reasonable to me for sites to be allowed to pair with advertisers to request additional consent via pop-ups if they want, but with the defaults in the browser.
That way a site would have to make a conscious decision that it's worth getting consent from a user in order to monetize them -- and users would only need to be informed and provide their consent when something outside their expectations is being requested.
I'd love to hear from anyone who's tracking this - I'm not a lawyer and all this is the bits and pieces I've picked up while reading on the web and trying to determine an analytics consent strategy for a project I'm developing.
Edit: NB: I realize there's a context of apps rather than websites in the article, but I'd hope and suggest that the fundamentals are the same, especially if & when PWA's blur the distinction between browser/mobile-OS as host.
Article 10 of the draft regulation suggested moving consent settings into the browser so that you could specify whether you will accept various forms of cookies centrally and then have those settings apply to all sites.
A ruling[1] related to shady consent practices by a website called Planet49 seems to have shifted the regulatory window towards the idea that users have to definitively prove informed consent.
Meanwhile the latest draft[2] of the ePrivacy regulation has removed Article 10 and the mention of browser-based controls for cookies entirely and thus consent stays per-website.
I really wish the choice of privacy related to advertising was baked into the browser and enforced there. Given the above developments, it's the only route I can see that avoids pop-up fatigue for users. The number of pop-ups everyone has to deal with causes user experience friction and wastes everyone's time.
It'd seem reasonable to me for sites to be allowed to pair with advertisers to request additional consent via pop-ups if they want, but with the defaults in the browser.
That way a site would have to make a conscious decision that it's worth getting consent from a user in order to monetize them -- and users would only need to be informed and provide their consent when something outside their expectations is being requested.
I'd love to hear from anyone who's tracking this - I'm not a lawyer and all this is the bits and pieces I've picked up while reading on the web and trying to determine an analytics consent strategy for a project I'm developing.
Edit: NB: I realize there's a context of apps rather than websites in the article, but I'd hope and suggest that the fundamentals are the same, especially if & when PWA's blur the distinction between browser/mobile-OS as host.
[0] - https://en.wikipedia.org/wiki/EPrivacy_Regulation_(European_...
[1] - https://www.cookiebot.com/en/active-consent-and-the-case-of-...
[2] - https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CONS...