In early May, the European Data Protection Board (EDPB) put an end to another issue – cookies violate GDPR. We are discussing the situation.
Photo – Erol ahmed – Unsplash
Last March, the Dutch regulator called cookie walls are illegal. These are banners blocking access to content until the user agrees to the processing of personal data. The decision of the data protection agency in the Netherlands provoked a discussion among site owners, lawyers and politicians. And earlier this month, representatives of the European Data Protection Board (engaged in the enforcement of GDPR) issued official clarificationin which they confirmed – cookies are contrary to the requirements of the GDPR. They force users to accept the terms of data collection, while such consent should be voluntary.
Additionally, the EDPB commission clarified that scrolling through a web page also cannot be considered an authorization to process PD.
What are the pitfalls
EDPB only accepts new rules and clarifies laws related to the protection of personal data. Their implementation is monitored by local authorities of the EU member states. But a number of experts note that this is the case. not the best way. Despite fines on GDPR – which can reach 20 million euros – many resources set cookies without user consent.
Specialists from Aarhus University, University College London and MIT celebratethat only 11.8% of banners comply with the minimum requirements of EU law.
Also, The Verge reporters they writethat banning cookie walls will not be a panacea. There are many tools in the arsenal of dishonest webmasters with which they force users to agree to set cookies. “Dark practices” include overly complex interfaces and vague wording.
Photo – Kari shea – Unsplash
Interestingly, the need to strictly regulate cookies could be avoided if all companies initially followed the recommendations in the original cookie specification (RFC 2109) To this fact noticed Thomas Baekdal, founder of the technology magazine of the same name Baekdal.
The specification was developed by engineers from Netscape Communications back in 1997. The document forbids Internet resources to set third-party cookies or at least activate them by default. At the same time, sites should provide users with the ability to delete information about themselves and revoke permission to set cookies. Similar requirements can be found today in the articles. Number 17 and Number 21 GDPR.
How to block unwanted cookies yourself
You can use the tools that offer various browsers. Mozilla has developed a utility that prohibits the installation of fingerprint collectors and tracking cookies. There are similar solutions in Safari and Brave, and Google is only is planning implement them. The corresponding functionality in Chrome will appear in the next two years.
Another defense tool might be the framework. Do not track (DNT). is he developed by by the W3C consortium and should automate work with cookies. A special function is added to the browser. It tells sites which cookies the user has enabled. However, studies by Forrester showedThat popular resources ignore the new mechanism. For this reason, engineers at W3C at the beginning of last year stopped work on the project. It is hoped that someone will continue the work begun by the consortium and bring it to its logical conclusion.
Posts from the blog 1cloud.ru:
Situation: Do AdTech companies violate GDPR?
Potential attacks on HTTPS and how to defend against them
What tools will help meet GDPR
Why mainstream browser developers again refused to display the subdomain