“Accept All Cookies”, or Don’t
Cookie popups ruined the web. Must we keep on like this? Ignorant people and predatory ad vendors ruined the internet. It's positive that site owners are forced to disclose some of what they do, because otherwise people would pay it no mind and assume everything was all roses. If the EU can annoy Americans enough into enshrining some sort of consumer data privacy protections, maybe there'll have been a long term point to all this. Focusing on cookies was a mistake. They should have insisted the Do Not Track header be respected. How a user can be sure websites respect this header? Cookie banners is a work in a field requested by masses which is done obviously. The genie must work according to the letter of the request, and what was the spirit of the request he doesn't care. The GDPR didn’t focus on cookies but on informed consent to be tracked. Do not tracked died when Microsoft set it as default in internet explorer. I don't even bother rejecting cookies anymore, I reject the whole website altogether, bounce right off. You don't need to have cookies on your website unless you need to reconnect the browser to a session where you're keeping their authorization etc.
Unfortunately most people just want to run a website to do something and the easiest thing is to use WordPress or whatever the popular framework is, which has this cookie behavior built in because it "might" be needed. I browse with all cookies blocked, except on sites which I need to login with. This sometimes gives me a "enable cookies to use this website" message but I just move onto the next website in my search. To answer your question however, website owners need some analytics to know if their site is getting attention, what people click on, where they go. It really helps to improve the UX and reinforce the 3-click rule (your visitor should get to the page they want in 3 clicks). Perhaps if an analytics package was part of every framework, less efforts would be placed into using external companies which must monetize people. Just a thought. I not only reject all non-essential cookies and click on the "Object to all legitimate interests" button if available. I take it further when there is no "Object to all" button, which is most often the case when there are so-called legitimate interests. In those cases I will masochistically go through each and every one of the myriad companies in "Our Partners" lists one by one, and manually object to each of their bullshit "Legitimate Interest". I mean, sometimes it may actually be legitimate (e.g. prevent fraud?), but I so often see that their so-called legitimate interest is something like "Build a personalized ad profile" that I just burn them all. I've honestly sometimes been at it for about a whole hour, tap-tap-tapping on my phone or tab-tab-spacing on my laptop, because I'll be damned if these dark patterns let them get away with it. Also, I can fantasise that the day a whistleblower shows that the objections were actually ignored or simply non-functional, I will join the class action lawsuit and sue them for the hours I have wasted for no purpose while believing it was doing something. But I digress. If I had the time and the frontend skills, I would love to create a browser extension that will not only actively reject and object to everything. I would even like it to have a bloody-minded option to actively accept cookies from companies that do not claim "legitimate interests", but that will reject (and object to) any that do. A man can only dream, while he's tap-tap-tapping "object" for hours and cannot even remember what the site he was going to look at is even about... Must we? Yes, because people who do not clearly identify and thus do not clearly understand "the problem" are responsible for producing "the solution", the point of which is also never clearly identified nor understood. In the meantime, shortsighted and greedy "site/platform owners" (ex: the people who think 3 popups and 47 ads are a quality user experience when trying to read a recipe for pancakes) in conjunction with the heinous adtech industry have already moved on and do not care. 99% of people already just accept the cookies just like they click through the EULA popups and simply don't give a damn about this. The tracking companies already engineer solutions to enable tracking without the "easy mode" of cookies. By the time the fumbling incompetents produce "the solution", the target has already moved, and since those folks are very much OPPOSED to actual individual privacy/sovereignty they will continue to waffle around with halfway things which only degrade the user experience without solving anything. Errr. One of my "favorite" things about cookie banners .. this blatant lie of a message: "We value your privacy" Nope, you don't .. you value selling my data and ads revenue. Of course you value those, because it's the primary job you were given: make money. And that's okay. Lying in my face with this message though, leaves a foul taste in my mouth. Every. Single. Time. When I see this written, I like to take it quite literally. It means your privacy has a value, literally it is valuable to us. And thus we will monetise it. Why would we not, it has value, after all? A solution more harmful than the non-existant problem it was meant to solve. We are very good at that kind of things. The value of this, and more so GDPR, however annoying one may find it, is that it gives the consumer rights that they can use to punish a bad actor. The dialogue is not really the point, it's what you can do with the rights that the dialogue gives you. Additionally, websites could also implement the cookie (and GDPR) dialogues in a way that wasn't painful. The law doesn't say that you have to implement the dialogue in the slowest most CPU intensive way possible. Any suggestion for a more elegant solution? For example, with copyrights, it’s in many ways granted automatically just by existence. Other terms and privacy rights don’t require popups. I don't have anything specific. I think most websites have a slow-and-painful cookie/GDPR dialogue because they must have it so there is no real reason to make it good, they can just blame the law for why it sucks. But, for example, many many websites I visit load up, and then a few seconds later (massive JS download? Some cute animation? I don't know) a dialogue pops up asking for my consent. They could optimize to make this experience better, there is nothing about the web tech stack that requires this sort of thing to be unpleasant. child porn / terrorism accusations ruine fundamental of web. Internets without cookie popups might be just a good facade on bad fundamental.