
I never understood why websites are required to inform about cookies if it's actually the browsers who store the cookies on the device and send them back to the server.

How about a domain.tld/.well-known/cookies.txt file that contains a description about each cookie-key and then let the browser provide the UI for displaying that information and being configurable on which individual cookies to store for how long? (and for example discard all cookies that are not described in the cookies.txt file)




Websites are legally required (both e-privacy directive and GDPR) to inform users (at least those from the EU) about what user information they store/track. This pertains to cookies as well as any other methods of doing so. Since they're the ones doing that, it makes sense that they're the ones with the legal obligation. It just so happens that just about every website decided to make this incredibly obnoxious, instead of respecting their visitors.

As a legal professor said (paraphrased): it was amazing to see an entire industry come together to undermine legislation.


Ok, let's rephrase it a different way:

Why are websites required to inform a user about data tracking and required to ask for consent in a custom implemented, not-machine-readable dialog/popup? The user cannot even check if the tracking is actually disabled once they clicked "decline" or "only accept technical required cookies".

Why not require websites to provide that information on a per-file/per-cookie/per-localstorage-key level? Then browsers could block all js-files/cookies/storage-entries that have no proper description included (e.g., in an http-header for files, or a robots.txt-like cookies.txt file, or as a standardized comment at the top of a js file).

Currently there are extensions like no-script that block everything, but how about allowing/requiring site-owners to annotate files with tracking meta data in order to be unblocked?


They are not. They are required to inform and ask for the user’s consent to process their information. They have to provide a way to retract that consent at any time too. How they do it is mostly beyond the scope of the legislation. They have to provide some points of contact but that’s about it.


A voluntary feature for the convenience of users in choosing whether to have specific cookies?

That won't work. The cookie banners are annoying and tricky on purpose.


Because it's not just about cookies. There are two laws at play, the GDPR and the ePrivacy directive. It's a mix of cookies, local storage, allowing the browser to load third party tracking scripts after information/consent, and data processing taking place on the server side. Simply solving cookies won't make the banners go away.



