CNIL’s complaint stated that Google purposefully made the consent mechanisms more complex to push consumers to accept cookies––a clear violation of the GDPR’s requirement that companies provide equally simple ways to opt into or out of data collection."
So these dark patterns are officially violating GDPR. However, there are still tons of websites implementing this.
My personal opinion is that after recent rulings, startups need to be very careful. GDPR compliance is practically a nightmare for any entity that even so much as implements a visitor counter with default HTTP logging turned on.
It will be interesting to see how solutions and the landscape evolve once GDPR fines come to smaller companies and startups.
This indicates a massive need for GDPR or something like it, as opposed to the opposite.
The lack of disincentives to collect personal information is why so much software defaults to collecting it. GDPR flips the equation completely, where GDPR-aware software (and lots of software now markets its GDPR compatibility) will default to not collecting personal information.
Twitter injects a ton of cookies and there's not much you can do about it
The thing is, most sites do not honour your choices or make them as hard as possible, as analytics and Adsense are required for monetising. Analytics can be replaced by friendly versions that are GDPR compliant without personal info storage or cookie tracking, but then your monetising (Adsense) or internet marketing (AdWords and landing pages) are not integrated into funnels and are a lot harder.
I have tested it with some of our assets (most of which do no tracking at all and only have 1 necessary cookie for login, without which SaaS cannot work), but a few have Adsense and analytics; we have a small and simple bar: accept or not accept; both are one click. ~90% (not exact, as we try to compare the Google analytics, which means they did say Accept, vs the non-cookie analytics, which means both accept and not accept) click Accept, which is enough. We use [0] by the way.
With a little CSS it will look the same as the original tweet, to which a simple link could lead you.
This is what you do if you value your users' privacy. If not, then you have to (under GDPR) at least give them the choice not to get these cookies. Which destroys the usability of your site for your privacy-conscious users.
Don't foist untrusted code onto your visitors' devices.
For starters: don't include third-party resources in your offering. That already cuts down tremendously on your exposure under the GDPR.
If you think this is bad, our (Italy) privacy laws in meatspace are orders of magnitude more annoying than GDPR, to the point where we have to write in our resumes that we allow whoever reads them to use them, otherwise they wouldn't even be able to store them in their archives.