Are websites required to make their cookie/privacy notice a full screen pop-up overlay?

175mph · 20 Apr 2019

Following on from this, it's made me wonder if a website uses your data in a way where they are required to display a message about their cookie/privacy notice, are they required to show it as a full screen pop-up overlay that dims out the rest of the website or is it just the recommended message format?

It's just most of my favorite websites, from my local newspaper to the Digital Spy forums and a student forum called The Student Room display such a message as a full screen pop-up overlay and only a handful of websites such as the BBC still show the message as a simple top or bottom of website message you can easily scroll past.

RailUK Forums

Peter Mugridge · 20 Apr 2019

I *think* the requirement is simply to display it clearly, but how they choose to display it is up to them.

175mph · 20 Apr 2019

Peter Mugridge said:
I *think* the requirement is simply to display it clearly, but how they choose to display it is up to them.

Are you surprised RailForums doesn't have a cookie notice message on first visit? I'm glad it doesn't.

Peter Mugridge · 20 Apr 2019

175mph said:
Are you surprised RailForums doesn't have a cookie notice message on first visit? I'm glad it doesn't.

Doesn't it? I stay logged in so I wouldn't normally notice anyway...

jmh59 · 20 Apr 2019

I suspect those sites slapping a huge popup before you can access the content are doing so in the hope that you just click it away and thus 'consent'. There are some really awful examples out there, including one media type site I found that would have required me to deselect each of around 400 partner sites - I just never go back to sites like those. And there are some really good ones that are able to place the consent checkboxes across the bottom, unselected such that clicking ok means you get none.

SS4 · 20 Apr 2019

jmh59 said:
I suspect those sites slapping a huge popup before you can access the content are doing so in the hope that you just click it away and thus 'consent'. There are some really awful examples out there, including one media type site I found that would have required me to deselect each of around 400 partner sites - I just never go back to sites like those. And there are some really good ones that are able to place the consent checkboxes across the bottom, unselected such that clicking ok means you get none.

I'm inclined to agree. Another effect they have is for the user to blame the EU instead of the websites for having to click consent which is, of course, what the sites want so they can sell your data without looking like the bad guy

DynamicSpirit · 20 Apr 2019

jmh59 said:
I suspect those sites slapping a huge popup before you can access the content are doing so in the hope that you just click it away and thus 'consent'. There are some really awful examples out there, including one media type site I found that would have required me to deselect each of around 400 partner sites - I just never go back to sites like those. And there are some really good ones that are able to place the consent checkboxes across the bottom, unselected such that clicking ok means you get none.

I'd agree. Generally if a site requires me to do more than a couple of clicks to de-select all cookies, I either abandon it, or - if there is something on it I care about reading - swap to a private browsing session.

Peter Mugridge · 20 Apr 2019

jmh59 said:
There are some really awful examples out there, including one media type site I found that would have required me to deselect each of around 400 partner sites - I just never go back to sites like those.

That sounds like NewsQuest...?

Bevan Price · 20 Apr 2019

Why do so many sites lie and claim that cookies are "for our benefit", "to improve the browsing experience", etc.? I just set the browser to delete all history & cookies when they are closed.

SS4 · 20 Apr 2019

Bevan Price said:
Why do so many sites lie and claim that cookies are "for our benefit", "to improve the browsing experience", etc.? I just set the browser to delete all history & cookies when they are closed.

By deliberately lowering the experience without them. Enabling your data to be collected and sold then improves your browsing experience. It's like if you had your leg chopped off by dodgy Dave who then gave you a wooden one (for a cost).

najaB · 21 Apr 2019

Bevan Price said:
Why do so many sites lie and claim that cookies are "for our benefit", "to improve the browsing experience", etc.?

It's not a lie. HTTP is, by design, stateless. Without cookies a website could not easily support any interactive features and would be limited to displaying static content since there's no native concept of a session. That's not so say that *all* cookies are necessary though.

Lucan · 21 Apr 2019

najaB said:
Without cookies a website could not easily support any interactive features and would be limited to displaying static content ....

Tosh.

The function of cookies is to allow a website to identify you on subsequent visits. It is to save their having to store info about you - your PC gets the job of storing the info about yourself that they need (or think they need) in the form of a cookie with their name on it, and they pick that info up again on your next visit. But if you have the option to log in to a site (like RF) then there is really no need to personalise the site by means of checking the cookie because you are explicitly telling them who you are anyway.

The bad side of cookies is "Tracking Cookies" https://en.wikipedia.org/wiki/HTTP_cookie#Third-party_cookie , which are cookies placed by third parties who have purchased advertising areas within the parent website (or other areas - can be a single pixel). These lead to the sharing of cookies (and therefore info about you, including browsing history) between those third parties and possible anyone else they wish to sell it to, legally or not. There can be hundreds (even approaching a thousand) of these third parties with a finger in the web page you are looking at : you might wonder why the web is so slow at times.

Nothing to do with "interactive features". That's marketing-speak.

najaB · 21 Apr 2019

Lucan said:
Tosh.

The function of cookies is to allow a website to identify you on subsequent visits

It is not 'tosh' and that isn't the only purpose for cookies. As I stated, HTTP is a stateless protocol.

Lucan said:
But if you have the option to log in to a site (like RF) then there is really no need to personalise the site by means of checking the cookie because you are explicitly telling them who you are anyway.

I suggest that you read up on session cookies.

najaB · 21 Apr 2019

najaB said:
I suggest that you read up on session cookies.

Just thought I'd add, for those interested in a more technical explanation, RFC 6265 is the place to look.

ComUtoR · 21 Apr 2019

Cookies aren't bad. How they are used is where the abuse happens.

najaB · 21 Apr 2019

ComUtoR said:
Cookies aren't bad. How they are used is where the abuse happens.

Indeed. They are necessary for basic website functionality. But use for cross-domain tracking can, as you say, lead to abuse.

Lucan · 21 Apr 2019

You said :

najaB said:
Without cookies a website could not easily support any interactive features and would be limited to displaying static content

In saying that, you are confusing interactive features with personalisation. For example a website that does conversions between units (kg to lbs, miles to km etc) is an interactive website, but has no need whatsoever to know who you are, whether you have been before, or whether you have moved between its pages (if it has more than one). It could therefore offer that interactive service without cookies. Another example that I would describe as interactive is a website that offers downloads - again with no need for cookies.

Of course such sites may well place cookies for other purposes, and usually do.

najaB · 21 Apr 2019

Lucan said:
In saying that, you are confusing interactive features with personalisation.

I am not.

HTTP is (as I've pointed out several times now) a stateless protocol.

Lucan said:
For example a website that does conversions between units (kg to lbs, miles to km etc) is an interactive website, but has no need whatsoever to know who you are, whether you have been before, or whether you have moved between its pages (if it has more than one). It could therefore offer that interactive service without cookies.

It also has zero to do with HTTP since in pretty much all cases the calculation is done client-side in Javascript. If someone was to implement the calculation server side (can't see why you would) it would use GET/POST HTTP transactions to pass the form data in the request. This is not practical for anything other than the most simple site.

Lucan said:
Another example that I would describe as interactive is a website that offers downloads - again with no need for cookies.

That is, as I said in my initial post, serving static content. I'm not sure what the point your trying to make is here.

satisnek · 22 Apr 2019

Yes these things are intensely annoying. I refuse to click this rubbish!

However, there are ways around it. Firstly, if you just want to read and not interact in any way, there's the option of turning off Javascript. The great thing about Firefox is that there's a plug-in which allows you to switch Javascript on or off as desired, and it remembers the setting for each site you've visited. There's also a nifty little thing called 'I Don't Care About Cookies', pretty self-explanatory but in my experience less than 100% reliable. But that's probably because I'm using an older version of Firefox with an older version of Windows. Then throw in an ad blocker and it makes the Internet just about useable. But why does it have to be this way? Why are those who are involved in the design of such things so completely out of touch with the real world and what the real world finds irritating?

It's worse with the phone, of course. I have a Microsoft phone which has a cut-down version of Edge, with none of the above fripperies. It has become quite a challenge to stop a page loading at the precise point before all the 'crap' starts appearing!

najaB · 22 Apr 2019

satisnek said:
However, there are ways around it. Firstly, if you just want to read and not interact in any way, there's the option of turning off Javascript.

JavaScript has absolutely nothing to do with cookies or user tracking.

I created two web pages last week both of which are unusable without JavaScript (they use jQuery) and neither uses cookies.

Groningen · 23 Apr 2019

Full screen is very much over the top.

satisnek · 23 Apr 2019

najaB said:
JavaScript has absolutely nothing to do with cookies or user tracking.

Indeed, but it is usually used for those cookie warning banners/overlays. (My post was referring to the OP - this thread seems to have deviated from cookie warnings to the discussion of cookies themselves

)

najaB · 23 Apr 2019

satisnek said:
Indeed, but it is usually used for those cookie warning banners/overlays.

That's true. However, most web pages use one or more frameworks (e.g. Angular, jQuery) which depend on JavaScript. Some are completely unusable with JavaScript disabled.

whhistle · 24 Apr 2019

It's why I wish there was a law against gifting or selling details to other companies.

Seriously, I can't think of a single instance where this is useful.
The tiny amount of websites that it is, you usually have to give express permission anyway (thinking PayPal being able to read data from ebay).

It's also worth remembering that we only see these because the EU thought it would be a good idea.
I don't think I visit a website where I don't see these, thus making them quite useless and annoying.

najaB · 24 Apr 2019

whhistle said:
It's why I wish there was a law against gifting or selling details to other companies.

There is. Proving it was done without your consent always been the problem.

Hence the selfsame popups that we're talking about.

Lucan · 24 Apr 2019

whhistle said:
It's also worth remembering that we only see these because the EU thought it would be a good idea.
I don't think I visit a website where I don't see these, thus making them quite useless and annoying.

I think the EU underestimated how much the permission pop-up would be needed. Now we know that almost every website uses cookies, and that if we do not constantly agree to these pop-ups a lot of the web would become unusable. As it is, I frequently read greyed-out text peeping out from behind patronising demands to accept cookies, and other web sites make it impossible to procede without agreeing. Nevertheless there must be lots of sites setting cookies without the required agreement because when I check my cookies I see many that I know I visited but certainly never saw any request for agreement.

When I think about it I examine all the cookies I have and delete all except those those I do not mind having an association with. .......... there, I've just done it.

One day the marketing people will discover this data is not as useful to them as they crack it up to be. Like one day Ebay might realise that eg if I have just bought a camera they are wasting their breath bombarding me with sugestions to buy another one exactly the same.

Bletchleyite · 24 Apr 2019

Lucan said:
One day the marketing people will discover this data is not as useful to them as they crack it up to be. Like one day Ebay might realise that eg if I have just bought a camera they are wasting their breath bombarding me with sugestions to buy another one exactly the same.

Well, quite. Given just how bad advertising targetting actually is, it doesn't worry me much - yet.

Strat-tastic · 24 Apr 2019

Given that most websites ask similar questions, can there not be a preferences section for one's browser where you set up default choices?

najaB · 24 Apr 2019

Strat-tastic said:
Given that most websites ask similar questions, can there not be a preferences section for one's browser where you set up default choices?

No, that wouldn't work - each site needs to ask you individually. Plus, if your default position was to opt out of tracking cookies/data sharing/etc. how would you then say that it's okay for the sites that you do want to allow?

Strat-tastic · 25 Apr 2019

najaB said:
No, that wouldn't work - each site needs to ask you individually. Plus, if your default position was to opt out of tracking cookies/data sharing/etc. how would you then say that it's okay for the sites that you do want to allow?

It would take a change in legislation I imagine, but it is doable and ultimately a better system.
You could of course set up custom options for chosen websites.

Are websites required to make their cookie/privacy notice a full screen pop-up overlay?

On Moderation

RailUK Forums

Veteran Member

On Moderation

Veteran Member

Member

Established Member

Established Member

Veteran Member

Established Member

Established Member

Veteran Member

Established Member

Veteran Member

Veteran Member

Established Member

Veteran Member

Established Member

Veteran Member

Member

Veteran Member

Established Member

Member

Veteran Member

On Moderation

Veteran Member

Established Member

Veteran Member

Established Member

Veteran Member

Established Member