We are all used to seeing those cookie pop-ups that most websites throw at us when we visit them for the first time. The European Union’s General Data Protection Regulation (GDPR) requires companies to take the protection of users’ privacy seriously, and so websites were quick to incorporate these pop-ups to comply with the regulations.
These pop-ups, besides being annoying, are also quite useless, or at least that’s what some experts say. This is the case of Mike Oliver, a lawyer at the American law firm specializing in technology Oliver Grimsley, who recently published a post in which he explains why this cookie policy is, in his opinion, absurd, both in the European Union and in the United States, given the effects that the European regulation also has on North American companies.
As Oliver points out, and as many users will agree, “except in very, very limited cases, these cookie pop-ups do not in any way increase the protection of user privacy.” This is due to several reasons.
The first is that users, for the most part, do not stop to read or find out about the website’s cookie policy, despite it being linked in the pop-up. Normally, everyone clicks on accept to enter the website, especially for another important reason: in many cases, the user is actually forced to accept the cookies to use the website, since if they do not accept them, they may find that some of the website’s functionalities are no longer operational. And under current regulations, companies are not obliged to offer their service to those who do not accept their tracking cookie policy.
This is a false choice, because in the end, it’s a ‘take it or leave it’ choice. The same thing happens when a paid subscription is offered in exchange for saying no to tracking cookies or advertising. “A truly privacy-focused law would at least require that the site function if a person opts out of tracking,” says Oliver.
The problem also extends to companies that use so-called consent platforms (CMPs). These platforms collect information about whether or not a user has accepted the cookies and conditions of a particular website, in order to prevent pop-ups of this type from being sent to them again. Belgium discovered A few months ago the Authorized CMPs by the European arm of the Interactive Advertising Bureau (IAB), present privacy risks in themselves, as they also extract very specific data that can be used to create advertising profiles.
Policies are difficult to understand
Added to this is the fact that the privacy policies that users are asked to read are often long and complicated, using vague terms such as “services” or “other purposes.” It also happens that the terms “partners” or “third-party services” are not often explained clearly, so users do not fully understand what may happen to their data.
For all these reasons, the lawyer offers an idea of how the cookie issue could be solved by improving the GDPR. “In my opinion, it is enough to stop using cookie pop-ups. They are stupid and ineffective,” instead, “a law should be passed requiring a service to respect a browser’s do-not-track signal (currently entirely voluntary) and not store tracking cookies, clear gifs, or other trackers, and requiring a site not to “discriminate” against users who choose not to be tracked.”
Many browsers, such as Brave or Firefox, allow you to set the option to not allow tracking cookies by default. Following this idea, cookie pop-ups could be removed and instead focus on respecting the browser settings. This would also save the drudgery of having to accept or deny each website’s policy individually.
