Does the GDPR define what the default behavior should be when the user refuses to specify? Does it vary by site? Is it like clicking either “Accept all” or “Reject all”?
There is no reject all in GDPR, because functional cookies are still allowed. So the default behaviour is only functional cookies are allowed.
Edit: Companies have been fined for making cookie options too complicated, under GDPR all other cookies are opt-in. This is what a banner should look like:
Good to know that’s the default. I do definitely see prompts that have “Reject all”, plus some banners that only have “Accept all” and “Cookie settings”, with “Reject all” or “Necessary cookies only” only visible in the cookie settings. Thanks.
they shove all their “special” cookies up your computer’s ass and it gets super stoned and forgets it’s not supposed to tell you about how they’ve already taken over the world.
legally as mentioned elsewhere, it’s supposed to treat it as a rejection, except for “necessary” cookies. but, eh… I’m not sure I would trust that. if there’s a website you’re concerned pushing cookies, use firefox’s private window mode. (I wouldn’t trust chrome to not just pretend like incognito actually did something. while it really does nothing.) all cookies are sandboxed, and deleted after you close the browser.
Legally, the user has NOT allowed ANY cookies then. (The law still allows the technically needed ones)
But in practice, it is not easy to find out what a website does.
I have a question, it’s maybe stupid but still:
Aren’t cookies, like, files on your device?? Can’t you just forbid websites to write anything to disk??
It’s not just about cookies, they spy on you in other ways.
