Analysis of economic and productivity losses caused by cookie banners in Europe

Original Article ↗ Hacker News Discussion ↗

Blame and responsibility

  • Many argue cookie banners are a self‑inflicted problem by adtech and websites choosing invasive tracking, then doing malicious compliance with GDPR/ePrivacy.
  • Others blame EU lawmakers for a “stupid” or poorly designed rule that predictably led to consent spam instead of real privacy gains.
  • A recurring theme: companies deliberately design hostile banners to push users toward “Accept all” and to generate public backlash against regulation.

What the law actually requires (and misunderstandings)

  • Several comments stress: banners are not required for all cookies, only when doing tracking / processing personal data beyond what’s strictly necessary for site functionality.
  • “Essential” cookies (sessions, logins, carts, fraud/DDOS protection) and some analytics with no personal data don’t need banners.
  • Confusion around GDPR scope:
    • It applies to “personal data,” not cookies per se.
    • Simple server logs with IPs, kept locally and not shared, are generally seen as acceptable.
    • Non‑EU hobby sites with no EU nexus are likely outside practical reach.
  • Many banners are themselves non‑compliant (no equal “reject all,” pre‑set tracking, “legitimate interest” dark patterns).

User experience and productivity impact

  • Some see the time cost (seconds per visit, ~1–1.5 hours/year/person in the article) as trivial relative to privacy gains.
  • Others argue banners:
    • Discourage visiting new sites and push people toward a few big platforms.
    • Add to the general popup/UX clutter (newsletters, “use our app,” surveys, AI chats).
  • Several mock the article’s economic loss calculations as exaggerated or methodologically weak.

Proposed technical and legal fixes

  • Strong support for a browser‑level, standard signal (Do Not Track, Global Privacy Control, or similar) that must be legally honored, eliminating most banners.
  • Some want tracking for advertising simply banned, not consent‑gated.
  • Others suggest refining laws to focus on data processing, not cookies, and to distinguish clearly between benign first‑party use and cross‑site profiling.

Enforcement, jurisdiction, and compliance behavior

  • Enforcement is seen as uneven and underfunded; some DPAs (e.g., France) fine big players, others are viewed as lax.
  • Non‑EU sites often ignore GDPR; some claim “just ignore it, EU can’t touch you” for sites without EU presence.
  • Anecdotes: GDPR requests used vindictively; early requests mainly from privacy advocates and competitors.

Views on tracking and business models

  • Split views:
    • Some accept “paying with data” as a reasonable tradeoff for free services.
    • Others reject the idea that personal data is legitimate “currency” and stress rights to privacy and control, which can’t simply be signed away.
  • Several note that many sites don’t truly need behavioral tracking; server logs or anonymized analytics would suffice.

User tools and workarounds

  • Many recommend blocking or auto‑handling banners: uBlock Origin “annoyances”/cookie filters, Consent‑O‑Matic, Hush, Kill Sticky bookmarklets, cookie auto‑delete.
  • These help power users, but commenters note this doesn’t fix the problem for the vast majority of users.