Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It's in violation of various EU privacy laws like GDPR and the ePrivacy Directive.

They get discussed a lot here on HN so it's easy to assume everyone's familiar with them, but if you're not then you should search up a summary on them.



Defaulting to no cookies is a violation of privacy laws? How?


I read the comment "dropping cookies" Not as "defaulting to none" But rather "adding them , drop as in airdropping or dropping a payload.

That's how I read it at least, which would mean they're defaulting to cookies when no consent is reached, but I could be wrong.


That would conflict with normal cookie terminology, where cookies are "set" and packets are "dropped".

But much more importantly, it is completely impossible in the context of the thread:

> [Accusation 3.] On their cookie banner, rejecting took two clicks while accepting took one.

> On 3, Microsoft argued that (a) rejecting was not actually required to be as easy as accepting and that (b) since the default was no cookies and it took a click to get cookies that rejecting was easier than accepting. The CNIL disagreed on both.


"Dropping cookies" is one of those fun phrases that is commonly used to mean two opposite things.


But it can only mean one thing here, because it is labeled as the thing Microsoft was doing, and we know what Microsoft was doing.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: