Does the GDPR define what the default behavior should be when the user refuses to specify? Does it vary by site? Is it like clicking either “Accept all” or “Reject all”?
There is no reject all in GDPR, because functional cookies are still allowed. So the default behaviour is only functional cookies are allowed.
Edit: Companies have been fined for making cookie options too complicated, under GDPR all other cookies are opt-in. This is what a banner should look like:
Good to know that’s the default. I do definitely see prompts that have “Reject all”, plus some banners that only have “Accept all” and “Cookie settings”, with “Reject all” or “Necessary cookies only” only visible in the cookie settings. Thanks.
So if I open the cookies settings and deselect all that can be deselected, is it the same as necessary cookies only?
Correct, if you want to live cookieless on the internet you have to disable them in browser. But as others have said, this will break the majority of websites.
Functional cookies can never be used for identifiable information, only to ensure the functionality of the website.
What functionality do they ensure? I understand web games and webapps, but like any website now has cookies
There’s many reasons, site specific settings like selecting a language or if a certain popup message been dismissed by the user so it’s not shown again. Sorting settings, dark/light mode or what stage of the signup process the user is at.
Altough I agree many aren’t a necessity and could be eliminated by better software design.
Sometimes people store simple data, like a boolean, in it.
When I tried to make a website with some funny functions everything I read said to store data in cookies.
Any way i can report a website for violating this rule because I see it constantly everywhere and it seems to have no consequences.
GDPR infringements are categorized by severity and impact to its users, but also by the yearly turnover by said company. Meaning cookie banners by smaller companies are low priority.
You could try contacting the relevant Data Protection Authority from your country or the providers country.
they shove all their “special” cookies up your computer’s ass and it gets super stoned and forgets it’s not supposed to tell you about how they’ve already taken over the world.
legally as mentioned elsewhere, it’s supposed to treat it as a rejection, except for “necessary” cookies. but, eh… I’m not sure I would trust that. if there’s a website you’re concerned pushing cookies, use firefox’s private window mode. (I wouldn’t trust chrome to not just pretend like incognito actually did something. while it really does nothing.) all cookies are sandboxed, and deleted after you close the browser.
Legally, the user has NOT allowed ANY cookies then. (The law still allows the technically needed ones)
But in practice, it is not easy to find out what a website does.
I have a question, it’s maybe stupid but still:
Aren’t cookies, like, files on your device?? Can’t you just forbid websites to write anything to disk??
It’s not just about cookies, they spy on you in other ways.
