• Carighan Maconar@lemmy.world
      link
      fedilink
      English
      arrow-up
      95
      arrow-down
      7
      ·
      1 year ago

      To be fair, I can actually sort-of see a specific point here:

      They are legally required to offer you that cookie choice. If you block that choice, are they in violation of the law even if they cannot apply cookies? Just because their site does implement tech for it (even though you’re blocking it, but the law cannot know that) and they cannot show you the popup allowing you to reject the tech (since you’re blocking it)?

      Weird thing. Doubt there’d be a clear answer without someone dragging someone else in front of a court for it, plus that’s of course not why CNN is blocking us here, but it’s an interesting thought whether they are even allowed to let you on if they cannot present you with the GDPR choice.

      • xantoxis@lemmy.world
        link
        fedilink
        English
        arrow-up
        89
        ·
        edit-2
        1 year ago

        Yeah. GDPR should have been implemented as a mandatory part of HTML or even HTTP that interacts with a builtin browser feature. Let the user make the choice once, in the browser, and let the browser tell the visited site what’s allowed. Statutory compliance would mean something like

        • browser detects and warns about cookies which do not appear to be in compliance with user’s preferences (optionally: browser can block cookies which do not appear to be in compliance)
        • browser detects sites which do not implement the spec at all, and warns the user about that
        • regulatory body checks for compliance on any site with over X number of users
        • regulatory body checks major browsers for compliance
        • any combination or all of the above
        • Mechanize@feddit.it
          link
          fedilink
          English
          arrow-up
          39
          ·
          1 year ago

          Yeah. GDPR should have been implemented as a mandatory part of HTML or even HTTP that interacts with a builtin browser feature.

          Well, it kind of is. The Do Not Track header has recently seen a court win in Germany (source):

          It turned out that the judge agreed with vzbv, ruling that the social media giant is no longer allowed to warn users it doesn’t respect DNT signals. That’s because, under GDPR, the right to opt out of web tracking and data collection can also be exercised using automated procedures.

          And it is basically the same in California too Source

          GPC is a valid do-not-sell-my-personal-information signal according to the California Consumer Privacy Act (CCPA), which stipulates that websites are legally required to respect a signal sent by users who want to opt-out of having their personal data sold.

      • Honytawk@lemmy.zip
        link
        fedilink
        English
        arrow-up
        21
        ·
        edit-2
        1 year ago

        They should just treat it as declined every necessary cookie and move on

      • JustEnoughDucks@feddit.nl
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        2
        ·
        edit-2
        11 months ago

        Then why can over 100,000 other sites show their cookie banners as required by GDPR while Firefox + unlock origin is active, but somehow one of the largest media companies in America “just can’t do it” without disabling your ad-blocker?

        If they really couldn’t do it, they would do like Home Depot did and block anyone in europe from accessing their site.

        This is not about GDPR at all! This is exclusively about forcing you to disable your ad-blocker so they can make more money from offering a bad browsing experience.

  • gregorum@lemm.ee
    link
    fedilink
    English
    arrow-up
    239
    arrow-down
    2
    ·
    edit-2
    1 year ago

    INVADING YOUR PRIVACY IS REQUIRED TO PROTECT YOUR PRIVACY

    LET US IN!!!

    • douglasg14b@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      1
      ·
      edit-2
      11 months ago

      In this case no not really.

      The cookie you might be using is going to be storage that’s going to contain your preferences. Assuming they actually applied by the regulations they claim to then that cookie actually won’t be used to track you it will simply be used for the intended purpose of cookies in the first place.

      Not that I agree with their approach but but they are essentially saying here is that since there is no way to save your privacy preferences they are not in compliance with the law by ensuring that you have set your privacy preferences. Which it’s kind of bullshit, dick move on their part.

      • FoxBJK@midwest.social
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        2
        ·
        11 months ago

        It’s the most ironic part of GDPR. To avoid annoying the user, you have to set a cookie to remember that they don’t want you using cookies.

        We should’ve encouraged everyone to re-implement the “DNT” request header, or something similar. Much simpler for the site owners/devs, much more convenient for end-users.

        • smileyhead@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          5
          ·
          11 months ago

          In EU law you do not have to ask for consent about storing preferences. Just for processing personal data, including IP address. So if they would not process personal data, everything would be fine.

        • fallingcats@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          11 months ago

          The gdpr isn’t about cookies, it’s about tracking. Yes you should remember not to track if the user said so. Nothing ironic here.

    • dan@upvote.au
      link
      fedilink
      English
      arrow-up
      56
      arrow-down
      3
      ·
      edit-2
      11 months ago

      They could be telling the truth… It’s possible that OP is in Europe and the ad blocker is blocking a GDPR cookie consent notice.

      The message explicitly mentions EasyList Cookie, which is described like this on https://easylist.to/:

      EasyList Cookie List blocks cookies banners, GDPR overlay windows and other privacy-related notices.

      Edit: I’m not agreeing with what they’re doing. I’m just saying that the message may be accurate. Having said that, maybe blocking a cookie banner should count as an opt-out, so they shouldn’t show this notice and instead just automatically reject the cookies. I’m not sure if the law is clear around this, though.

      If you want to opt-out of tracking cookies, consent-o-matic will likely work better. It automatically clicks the right buttons in the consent notice for you.

      Edit 2: The law seems unclear about what to do if the consent notice is blocked by the viewer’s browser (and thus they can neither accept nor reject cookies), so maybe blocking access to the site is likely the safest approach for them to take.

      • BigDiction@lemmy.world
        link
        fedilink
        English
        arrow-up
        13
        ·
        1 year ago

        Imagining a returning user who previously consented. If non essential cookies changed since their last visit, that user needs to consent again. But in scenario, just auto opt them out? I’m weirdly on the fence between this might be a reasonable block or a violation of GDPR for denying access to users who do not provide consent.

        • dan@upvote.au
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          1
          ·
          11 months ago

          I’m weirdly on the fence

          Yeah I’m not quite sure either. I don’t think the people that wrote the cookie consent laws considered the fact that users may block or otherwise break the mechanism that sites use to show the consent prompt…

      • sin_free_for_00_days@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        9
        ·
        11 months ago

        I’ve had it happen to me for a week or two now. US based. I always just figure if a site doesn’t work with my blockers, then I really don’t need to see it.

      • tslnox@reddthat.com
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        1
        ·
        11 months ago

        The law is done dumb. They should update it to say “the banner must always have a “reject all” button which rejects everything (including the legitimate interest) on it and it must not be hidden inside any further clicks”

        I’m sick of having to search for that button under two sub menus or having to uncheck 20 check boxes. And what the hell is even “legitimate interest”? There’s nothing legitimate about any tracking at all. This phrase really offends me every time I read it.

  • SzethFriendOfNimi@lemmy.world
    link
    fedilink
    English
    arrow-up
    99
    arrow-down
    5
    ·
    edit-2
    1 year ago

    CNN: We can’t ask if you want to allow cookies because you’re blocking everything

    Me: Which means I don’t want you to……….?

    CNN: No idea, we have to ask you.

    Me: I’m so strict you can’t even ask meaning………?

    CNN: You….

    Me: Yes?

    CNN: Uh………… don’t want……

    Me: Yesssss………

    CNN: To miss out on us asking you.

      • TheEntity@kbin.social
        link
        fedilink
        arrow-up
        44
        arrow-down
        1
        ·
        1 year ago

        GDPR doesn’t require them to ask if they would just not violate our privacy. In other words, it’s perfectly legal to assume “no” if they have no means of asking.

        • sanpo@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          24
          ·
          1 year ago

          It’s not only legal to assume, it’s a requirement to default to “no”.
          Tracking is opt-in.

        • xantoxis@lemmy.world
          link
          fedilink
          English
          arrow-up
          13
          ·
          1 year ago

          Indeed. If a site simply doesn’t send you cookies, there’s no question of GDPR compliance. Blocking the cookies amounts to the same thing.

          I’m currently wondering if CNN may actually be in violation by doing this.

      • FishFace@lemmy.world
        link
        fedilink
        English
        arrow-up
        12
        arrow-down
        1
        ·
        1 year ago

        The requirement to not track users with cookies does not extend to cookies that make the site work in the first place, such as those which track your login session, or your refusal of other cookies.

        • Delta_V@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          11 months ago

          so don’t track login sessions, etc.

          no cookies, no problem with not having asked for cookie consent.

          if the site breaks, it breaks, and leaving it broken is a choice users can make.

  • key@lemmy.keychat.org
    link
    fedilink
    English
    arrow-up
    73
    arrow-down
    1
    ·
    1 year ago

    I just opened CNN on firefox with unblock origin on both mobile and desktop without issue.

  • Blackmist@lemmy.world
    link
    fedilink
    English
    arrow-up
    62
    ·
    11 months ago

    I had that with “I don’t care about cookies” add-on.

    I disabled it and then it blocked me for being from Europe. 🤷‍♂️

  • Possibly linux@lemmy.zip
    link
    fedilink
    English
    arrow-up
    60
    ·
    1 year ago

    Honestly CNN isn’t great and this screen is just a reminder to go somewhere else.

    I just hope this isn’t a trend.

  • ExtremeDullard@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    36
    ·
    1 year ago

    I block CNN by not visiting their website.

    The only CNN worth anything is CNN International, and that still works fine with all ad blockers raised. But even CNN International started pulling the same stunt, it’s not remotely good enough that I would miss it either.

    • FoxBJK@midwest.social
      link
      fedilink
      English
      arrow-up
      4
      ·
      11 months ago

      Do you see a similar message for other news and social media sites? My gut tells me that it’s just one of many blocklists added to your company’s firewall but they don’t have a specific message for “blocked because not work related”.

      • Bruncvik@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        I’m getting these messages occasionally, but usually they make sense, such as when I go to online gaming sites or torrenting portals. Didn’t try porn - don’t want a call from HR. In general, our IT policies are fairly sensible; this is one of the very few outliers.

      • Bruncvik@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        All other MSM, even some more questionable like The Sun or Fox News, works fine. CNN is the only one blocked.

  • squid_slime@lemmy.world
    link
    fedilink
    English
    arrow-up
    36
    arrow-down
    1
    ·
    edit-2
    11 months ago

    If someone’s savy enough for ublock I’m sure they’re savy enough to tell CNN to get fucked