> Everybody except those who created the problem in the first place.
For over a decade there have been laws in each country protecting people's private data. Companies kept on ignoring those laws. The countries came together and created a single law for the entirety of the EU.
The essence of the law:
- if you need some data for the functionality of your service, you can collect it
- if you don't need some data for the functionality of your service, you can't collect it unless you explicitly ask the person. And "opt out" has to be the default option, and cannot stop the person from using the service
How is that a problem?
Those popups? Yes, they are annoying, but they also show how every single website sells the data they don't need to hundreds of companies without your consent. And they keep trying to trick you into providing that data. Now this is a problem.
However, you think that it's all fine, everyone should just hoover up all the data they can possibly get their hands on.
> Are they gonna sue every single website who had to put up a cookie popup just because they run analytics?
Yes, theoretically they have the authority to do that. However, no, they are not going to do that. And no, that doesn't mean that the law is bad.
Look at the bottom of the page. It's a cookie banner. It was their law. They had 6 years to implement it on their own website. This is the result. The law is broken.
This is pretty much how it's supposed to work under GDPR. Offering a clear choice without bias. GDPR isn't about banning cookies. It's about giving the user control of their data.
Well then - cookie popups that must be clicked every time you visit a website until you accept them, must be ok with you, since "this is how it's supposed to work under GDPR".
Sorry, but I don't agree. I consider them a scourge on today's Internet. And I find them a horribly steep price for the "privacy" (really just a lousy IP address obfuscation) you gain in their stead.
The choice can be perfectly well saved in a cookie because it's a cookie necessary for site operations. They don't even need approval. Only unnecessary ones do.
For over a decade there have been laws in each country protecting people's private data. Companies kept on ignoring those laws. The countries came together and created a single law for the entirety of the EU.
The essence of the law:
- if you need some data for the functionality of your service, you can collect it
- if you don't need some data for the functionality of your service, you can't collect it unless you explicitly ask the person. And "opt out" has to be the default option, and cannot stop the person from using the service
How is that a problem?
Those popups? Yes, they are annoying, but they also show how every single website sells the data they don't need to hundreds of companies without your consent. And they keep trying to trick you into providing that data. Now this is a problem.
However, you think that it's all fine, everyone should just hoover up all the data they can possibly get their hands on.
> Are they gonna sue every single website who had to put up a cookie popup just because they run analytics?
Yes, theoretically they have the authority to do that. However, no, they are not going to do that. And no, that doesn't mean that the law is bad.