
The very https://gdpr.eu/ website has a cookie banner!!!

When everybody breaks a law, including its creators, it's the law that is broken.



Cookie banners are fine when done appropriately.

The one on https://gdpr.eu/ is very well done. It does not break the law.

It's an example of excellence others should follow. Unintrusive. As easy to opt out as to opt in. Clear buttons, simple language. Clear text. If you prefer to ignore the banner that's fine too. On desktop it's unintrusive and you can just ignore it. I tried scrolling, it just stays out of the way. Each button is clear: "Ok", "No", "Privacy policy". Perfect. (It could be better on mobile for size, but it's still easy to click away.)

No dark patterns, dirty tricks, misleading controls, no "yes means no" controls, no "visit our 1000 partner sites to opt out" insanity, no other dirty tricks. You will not "accidentally" end up tracked when you didn't want to be. You will not be misled into believing a 70% screen size, deliberately slow panel is required.

Panels on other sites are deliberately slow and harder to opt out of. They want you to be annoyed. That's because they want you to believe the GDPR requires stupid, slow, large, intrusive, complicated banners. So that you will tell everyone how bad the GDPR is. But the GDPR doesn't require those things. In fact, when you see a banner that says "due to the GDPR we must..." it is often a straight up lie, and parts of the banner are against the law, not required by it.

https://gdpr.eu/ - thanks for highlighting that great example. I will take that as inspiration next time I need a good quality, sleek, fast, easy, compliant and user-friendly banner.

Such banners are not required, though. My sites don't have cookie banners and that's fine. They don't track users against the expectations of the users. My sites do have optional logins, user identification, and use cookies for those things, but logins don't require cookie banners because people expect their identity to be tracked by the act of logging in. And, importantly, their identity used only for what users would expect. My sites do have basic request logging and monitoring too, as you would expect for security and ops, but again those don't require cookie banners if they are done respectfully.


Unfortunately the gdpr.eu website is not official. Worse, its cookie banner is illegal under GDPR.

Check out https://ico.org.uk/ for a correct implementation. And cry...

Cookie banners ARE required for something as simple as logs analytics. That is the spirit of the GDPR and it is what makes it a broken law.



