• Pfosten@feddit.de
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    The cookie consent rules appeared 2009, and consent was made more strict in 2018 with the GDPR.

    EU bodies such as the WP29 data protection board had been writing since at least 2014 on the need of reform because the cookie consent rules are onerous in practice. Everyone wants reform.

    So there was (is?) an effort to replace the ePrivacy Directive with a shining new ePrivacy Regulation that would also harmonize it with the GDPR. At the time, it was hoped it could come into force together with the GDPR in 2018. This regulation would have allowed the use of some cookies without consent, even when not strictly necessary.

    But the proposed regulation is disliked by both the data protection side and the industry side, because it changes the existing balance. It was heavily lobbied against by Google and others, and never got ready enough for a vote (report from 2017, and in 2021 the NYT reported on internal documents where Google boasted that it successfully slowed down any progress). Every year someone in the EU tries to pick it up again, but always there’s something more important and it gets dropped again. I guess the effort this article reports on will falter as well.

    Some silver linings though:

    • Because responsibility for enforcement for cookie consent currently differs from GDPR stuff, clever data protection authorities like Belgium and France have been able to issue fines against big tech companies without having to involve their extremely industry-friendly Irish colleagues.
    • Subsequent lobbying has not been able to prevent improvements on other aspects, e.g. Digital Markets Act and Digital Services Act, the latter of which also forbids Dark Patterns. However, these Acts primarily affect very large companies, not the average website.