“Do Not Track” is a legally binding order, German Court tells LinkedIn::Landgericht Berlin gibt Klage des vzbv gegen die LinkedIn Ireland Unlimited Company weitgehend statt

  • Björn Tantau@swg-empire.de
    link
    fedilink
    English
    arrow-up
    116
    arrow-down
    1
    ·
    1 year ago

    Oh, I hope this goes to higher courts and cascades down to be an alternative to the stupid cookie banners.

    • klef25@lemmy.world
      link
      fedilink
      English
      arrow-up
      37
      arrow-down
      6
      ·
      1 year ago

      Also, what exactly are “essential cookies”? Why does the website get to decide if they are essential?

      • ZickZack@fedia.io
        link
        fedilink
        arrow-up
        37
        ·
        1 year ago

        There are certain things you are allowed to use cookies for even without asking for permission (i.e. they wouldn’t even need to tell you about them). These are effectively the kinds of things that are necessary for your website to work in the first place: For instance if you have a dark and a light mode and you want people to change this even without logging in, another example is language settings (this is why sites like e.g. duckduckgo can have a “settings” tab despite the fact you are not logged into anything).

        The rule-of-thumb is that everything that is directly related to the functionality of your website is fair even without asking (they are “essential”).
        Of course the specifics are a little more tricky: For instance you could have a shop in which you can put things into your “shopping basket” without being logged in. This is fine since it’s core functionality. However, if you use that same cookie to also inform your recommendation algorithm, you could get into trouble. Another aspect is 3rd party cookies: These, while not theoretically always requiring permissions, in practice do need expressed permission since you, as the website host, cannot guarantee what happens with these cookies (and 3rd party cookies are, in general, an easy way to track users, which isn’t core functionality for most websites).

        • klef25@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          1 year ago

          Thank you for the thorough response. Personally, I would like to reject absolutely everything and then have the website tell me which functionality won’t work without a cookie as I try to use it.

          • Buckshot@programming.dev
            link
            fedilink
            English
            arrow-up
            17
            ·
            1 year ago

            It would quickly get very annoying because one of those essential cookies is remembering that you rejected the rest.

            The law doesn’t actually mention cookies at all. Its about tracking users, they need your explicit consent to track you or to share data about you with third parties. Cookies are the primary way of doing this but there are others and they need your consent too.

      • bassomitron@lemmy.world
        link
        fedilink
        English
        arrow-up
        13
        ·
        1 year ago

        To be fair, some websites do need certain cookies to function correctly. As a random example, if a user goes to their bank’s website, they’re more than likely not going to know what to enable/disable cookie wise so that the website is still functional for logging into their account. So I can understand lumping those actual essential cookies into one category in those instances. However, I agree that it’s almost certainly being abused.

        • Skasi@lemmy.world
          link
          fedilink
          English
          arrow-up
          19
          ·
          edit-2
          1 year ago

          Probably worth noting: Only things like non essential third party cookies need consent. Essential cookies for things like the users active session that are not shared don’t need a cookie banner.

          Source: gdpr.eu/cookies

          • brsrklf@jlai.lu
            link
            fedilink
            English
            arrow-up
            4
            ·
            1 year ago

            Yeah. And sites are still more than happy to show those in the popup, just to muddy the waters and make it more complicated than it needs to be. Same with “legitimate interests”.

            • Skasi@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              1 year ago

              And sites are still more than happy to show those in the popup, just to muddy the waters and make it more complicated than it needs to be.

              As far as I see it, displaying information regarding strictly necessary cookies that do not require consent is good practice.

              The website linked above states that “While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user.”

              I think the complicated part is mostly the deliberately bad UI that is often used for cookie banners. They purposefully use a bad layout and color scheme in an attempt to push the user to just click “Accept all”. As far as I understand if a websites only had strictly necessary cookies then I think they wouldn’t even need a cookie popup in the first place though and could simply list this information on a separate “Privacy Policy” page or whatever.

        • 🅿🅸🆇🅴🅻@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Just to add up, the “session” cookie is a special case for the browser which identifies them as such, and handles them as temporary because usually it expires in a few hours. Also, they must have an expiration, and it clears them as soon as you close your browsing session no matter if they expired or not.

      • Traister101@lemmy.today
        link
        fedilink
        English
        arrow-up
        10
        ·
        1 year ago

        The cookie which stores the “Do Not Track” request is pretty essential don’t you think? Cookies is just what we call a particular websites local device cache. You can store whatever you want in there but they are best used for user settings, what user configurable theme should the site use, maybe you have a login token in there. Essential cookies (cache) the site needs to function properly.

        Cache isn’t scary, it’s the tracking info and other related data they use to sell you ads.

      • Björn Tantau@swg-empire.de
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        I don’t mind “essential cookies”. Otherwise I would just configure my browser to not accept them at all.

        But what really interests me is what “legitimate interests” are.

        But in the end it’s not about the cookies, it’s about the tracking. The technique is irrelevant.

      • explore_broaden
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        How about the cookie to store the setting that you don’t want non-essential cookies?