99% of people have no clue what a "cookie" is used for and just hear that it is "evil" and such. At the same time, these same people have no problem exhibiting themselves of Facebook or tracking their positions on Foursquare.
@gov: Just make something like this (http://www.networkadvertising.org/ > "Conumer opt-out") legally binding for tracking networks (not for individual web sites!) and the whole "Cookie" paranoia is solved.
> 99% of people have no clue what a "cookie" is used for and just hear that it is "evil" and such.
99% of people also don't know how to evaluate the safety of a food additive.
Most don't even know proper food handling procedures and couldn't even evaluate the food safety procedures of their favorite restaurant's kitchen (assuming they even had the time to do so).
Hence, governmental regulatory bodies. You might not agree with the regulatory environment, or with the outcomes, but the regulatory position is logically consistent.
> At the same time, these same people have no problem exhibiting themselves of Facebook or tracking their positions on Foursquare.
Ignorance aside, people are quite often circumspect with what they share on social networking sites; they, honestly have no idea the level of tracking and data sharing that occurs.
Even still, your statement is an unfounded generalization; there are clearly plenty of people that don't use Facebook (or Foursquare) and do have a problem "exhibiting" themselves.
> @gov: Just make something like this (http://www.networkadvertising.org/ > "Conumer opt-out") legally binding for tracking networks (not for individual web sites!) and the whole "Cookie" paranoia is solved.
As a consumer, I prefer opt-in for analytics, user tracking, and unsolicited spam.
I'm not sure your comparison with food safety is completely apt; This cookie law is the equalivant of being asked "Do you consent to the use of sodium benzoate in your food" before entering any restaurant. Most people will have no idea what to make of that, and will probably hate being asked every time.
It would be different if tracking was such a problem that it was outlawed all together (like dangerous food additives are), as that would be clear to everyone how to proceed.
The previous implementation of the law was opt-out. It didn't work, because most users were completely unaware they were being tracked.
The real saviour will likely come in the shape of browser support for Do Not Track [1]. While it's not fine-grained enough to be used as the sole mechanism for gaining user consent for all non-essential cookies, it at least covers the 3rd party tracking cookies that were the motivation behind this law change. Note that DNT specifies that the default MUST NOT be opt-in:
> A user agent MAY adopt NO-EXPRESSED-PREFERENCE or OPT-OUT by default. It MUST NOT transmit OPT-IN without explicit user consent.
It didn't work, because most users were completely unaware they were being tracked.
More like, most users just plain don't care. So now, the regulators respond with: "we don't care what your personal priorities are, we're going to force everyone you interact with to conform to our values rather than your own".
getting their informed consent isn't going to pose an issue at all. So there's no problem here, right?
Wrong.
First, you're forcing anyone with a web presence that currently has cookies (and that's probably most of us) to spend time and developer resources addressing this -- time that we could spend really servicing our customers.
Second, you're still not going to get their informed consent. What makes you think that somebody's going to actually read the site's warning (assuming that there is one, and that it's written well enough to be comprehensible)? If they don't already care enough about web privacy issues, they're not going to take the time to read about them now.
Third, the regulation completely forbids a potential business model built around targeted advertising. There's nothing fundamentally wrong with that business model. It may be distasteful to someone sharing your values, but there are certainly a lot of people who don't care (and there's no fundamental reason that they ought to care). You're preventing people from doing business one way not because it's wrong, but simply because you find it distasteful.
> First, you're forcing anyone with a web presence that currently has cookies (and that's probably most of us) to spend time and developer resources addressing this -- time that we could spend really servicing our customers.
I don't accept your premise that "most of us" are using cookies.
In any case, many sites don't need cookies or similar technologies at all, and most of those that do only need them for session data like whether a user is logged in or what is in their shopping cart. Such use is exempt from these new regulations anyway.
I find it interesting that you have such a strong view about regulations that require some trivial effort on the part of legitimate businesses, while at the same time having no problem with a business model that is fundamentally built on harassing all users and making their browsing experience worse. How is your position not hypocritical?
> You're preventing people from doing business one way not because it's wrong, but simply because you find it distasteful.
While you, on the other hand, are suggesting there is nothing wrong with a busines model based on practices that consumers widely dislike but currently cannot do anything about.
The reason we have consumer protection laws is precisely so consumers win and abusive businesses lose in this sort of situation, and while I question the details of these new regulations, I see nothing wrong with the principle behind them.
> What makes you think that somebody's going to actually read the site's warning (...)? If they don't already care enough about web privacy issues, they're not going to take the time to read about them now.
If what you say is correct (that users don't care), they'll just click on Accept, right? And you have their consent. You've given them the option to make an informed choice. Your duty has been performed.
> Third, the regulation completely forbids a potential business model built around targeted advertising.
It forbids potential business models built around targeted advertising not based on visitor knowledge and consent (so it forbids business models that wilfully violate the privacy of site visitors without their knowledge, and without their consent). Again, if users don't care (as you point out), the gaining of consent isn't going to be an issue, so these business models will retain their viability.
So given your statement that users don't care about third party tracking or profiling, none of what you outline are really issues.
Along with the NAI check out what the newly formed Digital Advertising Alliance (http://www.aboutads.info/) is doing. Peter Kosmala, formerly from the NAI, was just appointed its head -- I would expect to hear more from this group soon.
Edit: The problem with both of these programs are that they are self-regulatory, which means only the "good guys" are going to follow the guidelines.
99% of people have no clue what a "cookie" is used for and just hear that it is "evil" and such. At the same time, these same people have no problem exhibiting themselves of Facebook or tracking their positions on Foursquare.
@gov: Just make something like this (http://www.networkadvertising.org/ > "Conumer opt-out") legally binding for tracking networks (not for individual web sites!) and the whole "Cookie" paranoia is solved.