In recent months, more and more web sites greet me with super annoying pop-ups and request my consent to their use of cookies. Some even give me the option to control for which purposes cookies are used. Of course, web site owners don’t do this for fun but because of laws such as the GDPR that have come into effect in recent years. While I think that the GDPR is a good thing overall, I am particularly unhappy about this side effect.
It’s nice that one can in theory control for which purposes cookies are used. But honestly, did you ever have a closer look and actually change the ‘maximum’ settings? No? I thought so.
I suppose that most people will only see the dialog once. Not me, however, as I have configured my browser to delete all cookies when I exit. So next time I come back to the page, the ritual repeats. One the one hand this is super annoying, but on the other hand it shows that the web site does not remember me after I have closed the browser. So I’m trying to recondition myself not to be bothered by the pop-ups but rather to see it as a positive sign that the website does not link me to a previous visit and does not have a personal profile of me. That is, unless, it uses other means to track my behavior which is not yet regulated. Always the optimist.
5 Minutes ago i was also greeted by a cookie popup.
I clicked around in it, accidentally hit back and the cookie popup/overlay was suddenly gone.
Did I consent?
What did I consent to?
I have no idea.
This is not only annoying. The fact that this cookie and tracking thing is more or less out of control really bothers me…
‘But honestly, did you ever have a closer look and actually change the ‘maximum’ settings? No? I thought so.’
Honestly? Yes and always.
Besides, if I remember correctly, since you have to consent to the maximum in the first place, not consenting means you are left with the minimum amount of cookies possible.
While the GDPR covers to my knowledge browser-fingerprinting as well, I’m not sure websites actually allow you to opt out of that.
I, too, think the GDPR is generally a good thing but regarding cookies I think somewhere along the line the interpretation of what’s going on has got really mixed up.
Cookies are often described as bits of data which websites store on your computer. They’re not; they’re bits of data which websites put in response headers and which browsers may (or may not) store on your computer. There’s no way the website can store data on your computer without the cooperation of software on your computer.
It seems to me that this means that the obligation to obtain consent should be on the browser producers and not on the websites. In other words, the GDPR should have been framed with the idea that browsers should, by default, delete all cookies on exit (as you and I have them set up to do) and require explicit permission to store cookies longer term for particular sites.