> The AI industry participated in drafting the AI Act, but some companies have recently urged the EU to delay enforcement of the law, warning that the EU may risk hampering AI innovation by placing heavy restrictions on companies.
Where YOU live you can have all the unbridled capitalism as you want - be a product for tech bros and help make some executive a billionaire - I don't care!
Where I live, I want this shit regulated. So, good stuff, EU.
IIUC the infamous cookie banner law only to inform the user of cookies/client tracking, it did not require to ask for consent. that came with GDPR and other privacy laws
Most cookie banners don't seem to actually meet the requirements of the law, at least to my reading, which does say denying them has to be as easy as accepting. And the law doesn't even suggest a popup or banner, just that you can't add cookies without receiving permission - fully opt in would work for it
TL;DR: the cookie banners and consent forms are designed to make you blame the EU.
You don't need a cookie banner if you aren't doing anything shady. Using cookies (or other such mechanisms) does not require information or consent popups when they're necessary to make the product/service work for technical reason - the canonical example being session cookies.
The corollary here being, you only need consent popups if you're doing something shady but not strictly illegal. They're not meant to be annoying - they're there because it's illegal to do shady shit without the user agreeing to it, and "agreeing" in the EU means "informed consent". So you have to inform, and then get consent.
It's all pretty reasonable. But of course, people doing shady shit really don't want the users to understand it and risk them not consenting - and they especially hate having to ask in the first place. The industry settled on a "malicious compliance" approach to GDPR - show popups that, as much as they can get away with it, maximize the chance of people consenting to make the popup go away, make the "informed" part as opaque as possible, and generally make this thing super annoying - and then tell people it's all EU's fault, hoping enough Europeans will buy it and the public pressure will make EU undo GDPR.
Though again, not ideal IMO; based on skimming those policies, I think they could've set it up so consent popup only shows in specific situations that trigger the need for it. That, and I don't get why they use (a minimal build of) Google Analytics, and let that data fly over to the US (which they explicitly acknowledge). That's just lazy.
From a web designer's perspective if its a question of "do I do it the way that europa.eu does it, or try to pioneer some new other-than-banner approach to GDPR compliance - what is the risk to me or my company that I'm doing it wrong that that the EU will come down and fine me?
Maintaining the same interface as europa.eu is the least risky approach and so everyone does it that way.
If one wants to say "the GDPR doesn't mandate cookie banners" then it should be the GDPR site in europa.eu that demonstrates how that can be done with other styles of cookie consent.
Until then, it is perfectly fair and reasonable to assert that the GDPR requires it because the GDPR site itself uses it and companies that haven't done it that way have gotten fined.
Your "of course" basically makes my point. If your regulations fail to account for predictable cobra effects, you are not good at regulating. The comments on "Dear Paul Graham, there is no cookie banner law" were way more thoughtful than what I'm getting now.
Where YOU live you can have all the unbridled capitalism as you want - be a product for tech bros and help make some executive a billionaire - I don't care!
Where I live, I want this shit regulated. So, good stuff, EU.