Cookies banner not enough

Have been talking recently with the company that drives our privacy policies and all of those things.

They told us that we need to put, besides the cookie banner, a preferences panel so the user can select which cookies they want to use. I don’t see the way to do that in Sparkle.


Sparkle itself sets as far as I know only 1 technical cookie, and that is rather unproblematic.

Critical are the cookies from third-party providers, which do much more tracking and analysis. More data is collected and sent. And it is exactly against this that data protectionists want to take action.

It is required that the visitor must explicitly agree (click) beforehand if he wants to use such a service. Goggle Maps is currently coming under fire.

In the opinion of lawyers and courts, a mere reference in the privacy policy is not sufficient.

Mr. F.

you could use this free service

This GDPR is becoming more and more complicated for the average user as the months roll on! :weary:

The moment you turn on your computer and interact with the internet is the moment your share your personals and identities! Gmail monitors your keystrokes and reads through your outgoing and incoming mail - where is the GDPR on that?

Facebook listens to you on your smartphone and in the next 15 odd minutes advertises to you what you were talking about, where is the GDPR on that?

1 Like

Hello Hendrik.

It is well known that Google and Facebook do not take data protection very seriously.

Anyone who knowingly and voluntarily exposes themselves to these services should know this and it’s their own fault.

With websites, it’s a different story. There are people who avoid these services. They then come to my website, for example, which at first glance has nothing to do with the data octopi.

And then, without warning, they are confronted with embedded Google services and other “bad guys” that they couldn’t avoid. And that’s where courts come in and condemn this. This is true at least for Germany.

I think Sparkle has to take action here and handle this a bit more strictly. Duncan and his team need to know how to implement this. Until then, I have removed all Google services - and Facebook anyway - from the websites. You can live quite well without them. Maybe even better and more carefree.

Mr. F.

I know what you are say Horst, but I only used Google and Facebook as an example.
Your OS is doing the same thing. Not so much with macOS but Windows is a shocker for it, and let’s not start on Google Android!

Not even your Private Browser is private in most cases!
I don’t know how far this has to go?.. For me it is a total distraction in what is really going on with how they are syphoning our interactions with our personal PCs and with the web, not only websites.

I feel Sparkle has pretty good GDPR protocols in place. I mean there are even big EU companies out there I have come across with no GDPR in place! In the end it is not my call, only my observations for the last 15 odd years running an online business or two! :slight_smile:

Thank you for your point of view! :slight_smile:

A cookie banner that allows site visitors to pick their cookie flavor is:

  • complex to build:
    it means you have to categorize every cookie for every service you embed on the site, or pay a monthly fee for a service that does this very useful thing for you
  • complex for site visitors:
    how many regular human beings know the difference between the different cookie flavors and the nuance of how every one of the tracking services uses them?
  • questionably a legal requirement:
    my last reading of the relevant regulation was that a preference of which cookie flavor to allow was not a law requirement, only something overzealous services chose to implement
  • a cookie service party:
    the aforementioned overzealous services are super happy to charge you a monthly fee for “solving” a complexity problem that is not there if you are savvy enough

This complexity is legal people’s wet dream. It isn’t enough for the scumbags to have filled every website on the internet with an advertisement for their legal services, they also want to make it the first thing anybody visiting any site on the internet sees, and they want to make it more complex than a 747 cockpit, if they possibly can.

So who exactly is the brain damaged user who will willingly enable tracking if they have a big button saying “deny tracking”? Which incidentally is in fact legally required to be present and have the same prominence as the “accept” button. Apple’s iOS popup that lets apps ask users to be tracked is reportedly getting in excess of 99% denial, as expected.

All the complexity of a cookie preference panel caters exclusively to the adtech market who hopes to confuse at least some of the users enough to get a small percentage of them to accidentally enable at least some tracking.

So no Sparkle does not have a way to add preferences to selectively block cookies based on flavor.

Ultimately I expect that we will have to cave and add it, just because legal people don’t understand technical matters, and they don’t think twice about adding complexity just “to be on the safe side”, and once that legal advice is given nobody questions it because, well they’re the lawyers, you have to follow their advice.

I’m not sure my hate for the complexity that legal people added to the web made it through, so I’ll just add that I really really loathe this dynamic of mutually assured destruction.


I agree 100% with your words. The people that make the laws don’t know anything about these things and think that people care about tracking, when they only care about it when you tell them and if they can choose they are going to choose not to.

All of that been said, I also think you need to add the panel to sparkle to be able to be right with that shitty regulations and the privacy-advisory companies that serve the businesses we make websites for because they ask for it.

Much has already been said on this subject. And I may not be entirely correct in my assessment. Who knows.

Therefore, I will leave it at that. If anyone has felt personally attacked, I am sorry. That was never my intention.

Ultimately, everyone has to decide for themselves and their website what tracking they use, as long as they are aware of the possible consequences - legal or financial.

The verdict of a court now weighs heavier than the personal opinion on the GDPR. And how a court decides? Who can predict that.

Unfortunately, my feeling is that Google ranks websites higher/better the more Goggle services are included. You always pay a price and everyone has to die a death.

Mr. F. - End of transmission

Totally agree with Duncan’s take on this… it is destroying the web by a 1000 cuts! :frowning:

@Mr_Fozzie, I appreciated your take on this as well and I felt in no way it was an attack.
All good on this end! :slight_smile:

1 Like

I always welcome your contribution, there are just so many unknowns and bad actors (including legal teams), that it’s mind bending.

It will be very interesting when the brand new internet comes online, Tim Bernard Lee (I think that’s his name) has been re-writing the whole ‘thing’. Food for thought, and no this is not a conspiracy theory. If you research, deeply you will discover the truth. Enough said.

His name is Tim Berners-Lee and he has good views about the protection of personal data on the Internet.

We can be curious about the future. Or is he the Don Quixote of modern times, fighting against the windmills G—le F–eb–k am—n, or whatever they are all called?

Mr. F.

That’s his name, thank you for that :). I think he has been working on this since at least 2016. Yes, he is working for the greater good :slight_smile:

Interesting topic for discussion. I share the complaint regarding the incursion of lawyers just to take advantage. The issue is that there is also no education on the importance of data and the social manipulation that is done on a large scale with it.

Do not use any social networks and the sources are Sparkle’s own or those that I have purchased and licensed for use on the Internet.
The only thing I have used so far is Youtube and Vimeo and I am in the process of self-hosting those materials.

Interestingly the Freeprivacypolicy [dot] com site mentioned above does NOT have a pop-up cookie consent on their site. Just ironic.

Where is it written that it must be a popup banner?
They very well have a cookie notice, in which you can also reject cookies.

Cookie banners have become the plague of the web.
I just clicked a consent message away that read like a book for (advanced!) law students. Appalling! The worst thing about this is that the responsibilities have been handed to the visitor who has absolutely NO idea to what he/she agrees. One must be a high ranking law expert far from reality to come up with such a nonsense.

Screen Recording 2022-10-19 at 09.50.18

However, we obviously need them and I think, that Sparkle does a great job.
And if you don’t agree: imagine what monster of an engine Duncan and the team had to build to not only select whatever 3rd party service we come upt to integrate in our websites but also interact with them based on visitor’s choices.

1 Like

Ahhh @abra100pro, what an absolute horrendous joke!

They taught us in design school we had 3-7 seconds to capture the Users’ attention otherwise you had lost them. These GDPR monstrosities take somewhere between15-30seconds and more! There will be a lot of Users that could not be bothered and I don’t blame them!

You are totally right in how Sparkle does a great job with all this, and thanks for sharing! :slight_smile:

Well a hair-pulling weekend later we have come to terms with the need to add support for this sort of stuff, and yeah my guess is the cookie banner providers must be in the pockets of the adtech industry, they certainly aren’t thinking about website visitors!

From a timeline point of view we’ll unfortunately only get around to shipping something that has improved cookie law support in early 2023. I don’t look forward to wasting previous development time on this feature, but such is life.

For the time being I can offer this reference:

So to be clear you don’t need to add checkboxes for different cookie types (corresponding to data treatment purposes) if your site does not in fact have those.

In fact if you don’t embed third party content and don’t have analytics enabled, you don’t even need to cookie banner, though you would need a privacy policy. Unclear if you would need a cookie policy if you don’t have cookies, I’d say no but who knows.

And by the way there are sooo many non compliant websites out there it’s not even funny. Not a reason to not be compliant of course, but hardly a pressing matter for anybody except trigger happy lawyers (sorry german friends).