• Carighan Maconar@lemmy.world
    link
    fedilink
    English
    arrow-up
    95
    arrow-down
    7
    ·
    11 months ago

    To be fair, I can actually sort-of see a specific point here:

    They are legally required to offer you that cookie choice. If you block that choice, are they in violation of the law even if they cannot apply cookies? Just because their site does implement tech for it (even though you’re blocking it, but the law cannot know that) and they cannot show you the popup allowing you to reject the tech (since you’re blocking it)?

    Weird thing. Doubt there’d be a clear answer without someone dragging someone else in front of a court for it, plus that’s of course not why CNN is blocking us here, but it’s an interesting thought whether they are even allowed to let you on if they cannot present you with the GDPR choice.

    • xantoxis@lemmy.world
      link
      fedilink
      English
      arrow-up
      89
      ·
      edit-2
      11 months ago

      Yeah. GDPR should have been implemented as a mandatory part of HTML or even HTTP that interacts with a builtin browser feature. Let the user make the choice once, in the browser, and let the browser tell the visited site what’s allowed. Statutory compliance would mean something like

      • browser detects and warns about cookies which do not appear to be in compliance with user’s preferences (optionally: browser can block cookies which do not appear to be in compliance)
      • browser detects sites which do not implement the spec at all, and warns the user about that
      • regulatory body checks for compliance on any site with over X number of users
      • regulatory body checks major browsers for compliance
      • any combination or all of the above
      • Mechanize@feddit.it
        link
        fedilink
        English
        arrow-up
        39
        ·
        11 months ago

        Yeah. GDPR should have been implemented as a mandatory part of HTML or even HTTP that interacts with a builtin browser feature.

        Well, it kind of is. The Do Not Track header has recently seen a court win in Germany (source):

        It turned out that the judge agreed with vzbv, ruling that the social media giant is no longer allowed to warn users it doesn’t respect DNT signals. That’s because, under GDPR, the right to opt out of web tracking and data collection can also be exercised using automated procedures.

        And it is basically the same in California too Source

        GPC is a valid do-not-sell-my-personal-information signal according to the California Consumer Privacy Act (CCPA), which stipulates that websites are legally required to respect a signal sent by users who want to opt-out of having their personal data sold.

    • Honytawk@lemmy.zip
      link
      fedilink
      English
      arrow-up
      21
      ·
      edit-2
      11 months ago

      They should just treat it as declined every necessary cookie and move on

    • JustEnoughDucks@feddit.nl
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      2
      ·
      edit-2
      11 months ago

      Then why can over 100,000 other sites show their cookie banners as required by GDPR while Firefox + unlock origin is active, but somehow one of the largest media companies in America “just can’t do it” without disabling your ad-blocker?

      If they really couldn’t do it, they would do like Home Depot did and block anyone in europe from accessing their site.

      This is not about GDPR at all! This is exclusively about forcing you to disable your ad-blocker so they can make more money from offering a bad browsing experience.