Content crawlers, also called biscuits, help advertisers better understand user tastes and preferences on the Internet to provide more personalized advertising. however they are not without controversy for the invasion of user privacy they may do. Now the European Union, where it is mandatory to notify the use of biscuits, clarified some additional points regarding its regulations.
The European Data Protection Board has published guidelines for regulators (and web developers) to follow when applying Regulation 2016/679 with reference to the use of biscuits and user consent. Specifically, he discovered two somewhat ambiguous points, one regarding forcing users to agree biscuits to see the content and the other on which gestures can be accepted as consent.
Example cookie notice in The Guardian.
Information cannot be hidden behind a “cookie wall”
The first and probably the most relevant of all the changes concerns the Consent obligation of certain websites to display their content. In some cases, if the biscuits the web warns that it cannot display the information to the user. This is something that, according to European Union guidelines, websites should not do.
In the “Conditionality” section of the guidelines, in paragraphs 38 to 41, they clarify this point by indicating that forcing the user to accept biscuits to view free content this means putting a conditional and therefore it is not the user’s free choice to accept or not the biscuits from the web. In other words, if the user can only see the information on the web by accepting the biscuits you have to accept them even if you don’t want to.
Scrolling or other gestures does not mean accepting cookies
Another technique used by websites to obtain user consent to use biscuits it concerns the use of gestures. In other words, put in the notice of biscuits from the web that scroll web or gesture how to slide on the east side synonym to accept biscuits.
In the section “Unambiguous indication of wishes” in paragraph 86 of the document of the EU specifies that this is not allowed either. This “does not in any way meet the requirements of clear and positive action”. These are ambiguous gestures that the user can take to simply browse the web and are not exclusive to the acceptance of biscuits, so they cannot be used for this.
With these two main clarifications, regulators in every EU country can be clearer when a website breaks the rules or not. And in a way, it’s also a warning to web pages about the use of techniques dark pattern to collect information. Something that could lead to legal action.
the biscuits however have lost strength in recent years. Google will remove them from your browser if they come from third parties, macOS Safari mixes up data from multiple users to make it practically useless, and even the European Commission itself has acknowledged that biscuits they don’t do much good.