Q: I keep getting all of these cookie notifications lately? I know websites have been using cookies for years. Why do they feel the need to tell me about it now in such an ‘in your face’ manner?
Q: Recently I was traveling in Europe and when I tried to view a website back in the US to read about the hurricanes I kept getting messages that the site was unavailable due to legal reasons. Did I break the law? I was worried they wouldn’t let me leave the country!
A: This, my friends, is what we PropellerHeads call a twofer. Two seemingly unrelated questions that actually share the same answer because their cause is identical. And that cause, my friends, is what we PropellerHeads lament is the most annoying, and far-reaching piece of legislation emitted from the European Union. Like ever!
The cause for all of your grief is the General Data Protection Regulation for GDPR for short. If you want to slit your wrists, ahem, I mean put yourself to sleep, sorry, I mean to marvel at an exquisite piece of legislature, read the full text at bit.ly/2PxEotT. For those of you not on suicide watch, let’s continue.
While you can probably read between the lines to garner my love for the GDPR, this is a classic example of lawmakers having good intentions, but totally mucking up implementation. Because at its heart, the GDPR is a good thing. Why? Because it’s goal is to protect you.
Think of how much Amazon, Apple, Facebook, Google and the like actually know about you. Quite a staggering amount actually. Amazon knows from your recent purchase of a cat turntable (https://amzn.to/2NHS5Et) that you a) have a cat, b) have more money than you know what to do with, c) are possibly crazy.
If you have an Android, Google knows pretty much where you are all the time (google.com/maps/timeline). Regardless, they know you tentatively typed into their search one day “is the earth flat”. Dude, its not. And social media platforms know you better than you know you.
Combine all that data with the gluttony of hacks over the years (bit.ly/19xscQO) that seem to be getting larger and more frequent. Also consider when companies decide to share that data willingly with others in morally ambiguous ways (bit.ly/2lE1f9o).
And this leads the EU to (rightfully, I think) to develop a law to protect people in both regards. So, if a hack occurs, you need to be notified exactly when it happened and what data was compromised. And speaking of that data, they need to tell you what they are collecting about you and how they are using it.
But you might not always just want to accept or click the X to move on. You may want to check out the details from time to time. Usually it is handful or less of cookie options, but some sites, particular sites that survive on ads, will have dozens (one I looked at had 75!) third party advertising networks slipping in some cookies as well. I hate ads, and I appreciate my anonymity so I tend to check these things out more than most people. Maybe knowing the scope of how you are tracked might nudge you to do the same.
Hold on. This is a European thing, why is this impacting us here in the US? Well, as we know, Amazon, Apple, Facebook, Google and the like are not restricted to just the US. So if they have to meet the requirements of the GDPR it is just easier for them to apply the impact of the regulation to everyone, not solely Europeans.
And what about websites that don’t even offer their content any longer to the European region? Probably that is a temporary condition until they can make changes to their sites to meet the requirements. Or, it could be form or protest. Or, they are actively engaging in morally questionable sharing of your data and don’t want to fess up that they are.
But don’t worry about all that. Just get a much more satisfying physical cookie from your nearby boulangerie while tromping across Paris muttering “let them eat cake.”