The "Accept all" button is often the standard for cookie banners. An administrative court has ruled that the opposite offer is also necessary.

The “Accept all” button is often the standard for cookie banners. An administrative court has ruled that the opposite offer is also necessary.

Lower Saxony’s data protection officer Denis Lehmkemper can report a legal victory in his long-standing battle against manipulatively designed cookie banners. The Hanover Administrative Court has confirmed his legal opinion in a judgment of March 19 that has only just been made public: Accordingly, website operators must offer a clearly visible “reject all” button on the first level of the corresponding banner for cookie consent requests if there is also the frequently found “accept all” option. Accordingly, cookie banners must not be specifically designed to encourage users to click on consent and must not prevent them from rejecting the controversial browser files.

  • altphoto@lemmy.todayEnglish
    10·
    8 hours ago

    Make it opt-in where you must purposely click somewhere. And just hide that away where they have their unsubscribe button.

  • Blackmist@feddit.ukEnglish
    191·
    9 hours ago

    Can we ban the “Pay to have privacy” option as well.

    Fuck every site that tries to pull that shit.

    • Localhorst86@feddit.orgEnglish
      2·
      2 hours ago

      The issue about that extension is this:

      When it’s needed for the website to work properly, it will automatically accept the cookie policy for you (sometimes it will accept all and sometimes only necessary cookie categories, depending on what’s easier to do).

      It will often just accept the cookies as is.

  • Geth@lemmy.dbzer0.comEnglish
    11·
    9 hours ago

    A disgusting behavior that I’ve seen in Spain is for websites to direct you to their subscription page if you say you don’t want to be tracked, either you pay for the content or you don’t get any content. Apparently the Spanish courts have deemed this legal.

  • selokichtli@lemmy.mlEnglish
    39·
    13 hours ago

    The kind of stupid shit societies have to invest money in. Don’t get me wrong, it’s good news, it’s just baffling that money had to be invested in order to get these bastards to do the civil thing.

    • sudo@lemmy.todayEnglish
      16·
      13 hours ago

      ‘its baffling in a capitalist society, corporations do everything they can to squeeze the most money out of their users with zero regard for the users wants or needs, and do whatever they can to skirt legal obligations that protect consumer privacy and security’

      Yeah. I’m baffled.

  • CompactFlax@discuss.tchncs.deEnglish
    127·
    18 hours ago

    We and our 908 partners store and access personal data, like browsing data or unique identifiers, on your device.

    Absolutely, we need a Reject All button!

    • Jajcus@sh.itjust.worksEnglish
      42·
      18 hours ago

      And it should include this mysterious ‘legitimate interest’, or whatever it is called - always on by default in ‘my choices’, even though no one seems to be able to explain what this means. How can I make an informed consent on something that vague?

      On the other hand, not ‘Reject All’, but ‘Reject All except functionally necessary’ (which should be precisely regulated by the law), otherwise there will be no cookie to remember our ‘reject all’ choice, which I am sure the corpos would happily use do discourage us from clicking that.

      • jmcs@discuss.tchncs.deEnglish
        10·
        13 hours ago

        Rejecting cookies without asking every time requires a cookie and that is clearly legitimate interest. The problem with legitimate interest is that it’s not well defined enough and then you have companies claiming that Adsense personalization is an absolute necessity for their website.

      • sfxrlz@lemmy.dbzer0.comEnglish
        15·
        17 hours ago

        That shit makes me so mad. What the fuck is legitimate interest if not the cookies which are set anyway to make the site function It’s just purposefully misleading.

      • lime!@feddit.nuEnglish
        6·
        14 hours ago

        the “functionally necessary” cookies, which are served by the site itself (e.g. not a third party), do not require a banner at all. if you have no third party cookies, you can do entirely without it.

      • Blue_Morpho@lemmy.worldEnglish
        14·
        17 hours ago

        I’m sure “functionally necessary” already means we share your data with everyone because we setup a system where the local page state is managed by third parties that we are selling your data to.

    • Anonymaus@feddit.orgEnglish
      11·
      18 hours ago

      I have also seen on some websites that you have to pay them through subscription if you want to reject all cookies

      • Hubi@feddit.orgEnglish
        5·
        17 hours ago

        Heise is not breaking EU law with this. The law states that there must be an option to reject all cookies, whether it’s a paid option or not is up to the site.

        • TheTechnician27@lemmy.worldEnglish
          9·
          16 hours ago

          This is no longer true thanks to a ruling by the European Data Protection Board. Hang on, I was misreading. I believe there’s been a recent ruling, but this one ain’t it.

          EDIT: See pages 39 and 40. Here, it seems as though no “equivalent alternative” is provided under these criteria. It seems to me like consent-or-pay is heading toward an eventual ban, but Heise makes it clear on their website you can consent, pay, or leave – i.e. not an “equivalent alternative” to my mind.

          EDIT 2: Okay, upon reading these criteria further, it seems like this isn’t a violation of EU law but that it’s reaaaally close and that the EDPB really hates consent-or-pay as a loophole and wants it to die as soon as possible. If not breaking the law, it’s still an ethical nightmare, so the first line of my comment stands: “Heise Group, you greedy cocks.”

          • Hubi@feddit.orgEnglish
            6·
            15 hours ago

            so the first line of my comment stands: “Heise Group, you greedy cocks.”

            Fair enough :D

  • finitebanjo@lemmy.worldEnglish
    11·
    14 hours ago

    A friend of a friends relative’s 2nd cousin mentioned that pornography sites have been surprisingly compliant about this, already.

  • latenightnoir@lemmy.blahaj.zoneEnglish
    15·
    18 hours ago

    FINALLY! I was wondering how long it’d take for people to act upon the fact that Permission prompts have become THE biggest digital grift. The answer: way too fucking long!

  • splendoruranium@infosec.pubEnglish
    2·
    16 hours ago

    Next up: No more <Allow all button> allowed" followed by “No banners allowed, setting cookies is only even possible after user account creation”… please?