The European Commission aims to reform the EU’s cookie consent rules that have cluttered websites with intrusive banners asking for permission to track user data[1]. The initiative seeks to streamline data protection while maintaining privacy safeguards through centralized consent mechanisms[1:1].

Cookie consent banners emerged from the ePrivacy Directive (Cookie Law) and GDPR requirements, which mandate websites obtain explicit user permission before collecting non-essential data through cookies[2]. Current rules have led to widespread implementation of pop-up notices that interrupt user experience and often employ confusing interfaces.

The proposed changes reflect growing recognition that the existing approach has “messed up the internet” while failing to provide meaningful privacy protection[1:2]. Rather than requiring individual consent on every website, the Commission is exploring solutions like centralized consent management to reduce banner fatigue while preserving user privacy rights.


  1. Ground News - Europe’s cookie law messed up the internet. Brussels wants to fix it. ↩︎ ↩︎ ↩︎

  2. Transcend - Cookie Consent Banner Best Practices: Optimizing Your Consent Management Experience ↩︎

  • PumpkinSkink@lemmy.world
    link
    fedilink
    arrow-up
    29
    ·
    1 month ago

    Just mandate a single button to reject all cookies and that the default be “reject all” if users skip the banner.

    • Ferk@lemmy.ml
      link
      fedilink
      arrow-up
      9
      ·
      1 month ago

      That doesn’t work, because rejecting all cookies means it’s impossible for the page to remember whether you skipped the banner… so the result is that the banner will always show.

      The real solution would be to have this be a browser / HTML standard. Similar to other permissions managed by the browser (like permission to get camera/mic, permission to send notifications, etc)… then each browser can have a way to respond to these requests for permission that we can more fully control/customize… with a UI owned by the browser that is consistent across websites and with settings that can be remembered browser-side (so the request can be automatically denied if that’s what you want).

      • RichardDegenne@lemmy.zip
        link
        fedilink
        arrow-up
        5
        ·
        1 month ago

        The law only concerns cookies that are not strictly necessary to provide a service.

        So the cookie to remember that you denied all non-necessary cookies could be seen as necessary and thus not require your consent.

        • Ferk@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 month ago

          @PumpkinSkink@lemmy.world said “reject all”, not “reject optional cookies” or “allow essential”. If the website offers a “reject all” button (which many do, even if that’s not mandated by the law), it actually does reject even the essential cookies. In my experience, the times I’ve chosen to press such button it always result on the banner showing again if you refresh the page.

          And “Could be seen as” is subjective too. They could argue that having the banner, even if inconvenient, does not really break the website. They can also easily argue that since the point of the law was to get them to request consent then they are actually being even safer in terms of compliance by asking more.

          Also, I still would rather have the possibility of no banners, not even the first time I open the page. The configuration from the browser following the standard could set a default for all websites and potentially avoid the popup to begin with. Then the responsibility would be with the browser, not the website.

          • RichardDegenne@lemmy.zip
            link
            fedilink
            arrow-up
            1
            ·
            1 month ago

            I still would rather have the possibility of no banners, not even the first time I open the page.

            Oh that’s entirely possible, even with the current law as it is. All the developer has to do is to stop using cookies for anything that is not related to the functionality of the website.

            But of course, the adtech bros won’t give up on their precious tracking, so they’d rather try and shift the blame with an empty argument along the lines of “Hey, the bad EU law is forcing us to bother you.”

            • Ferk@lemmy.ml
              link
              fedilink
              arrow-up
              1
              ·
              1 month ago

              Yeah, that’s why I’m saying that the current solution does not work. It’s why I was proposing a new standard that is enforced by law and that does not depend on subjective definitions of what’s “essential” so anyone who does only want to allow certain purposes can opt in/out of certain cookies without the hassle.