Taking the fight against consent banners to the next level
[Edited on November 10th 2022 to add recent Brave and Ghostery updates]
Back in 2018 we released a browser add-on that automatically removed some of the (then) most common consent banners. An additional feature would flag websites that, despite such “refusal by omission”, still served non-exempted cookies*.
Why would we do such a thing? We put some effort into explaining it at the time.
Consent Manager gained sufficient traction in a short while, and ended up featuring in WIRED a few months later.
With the evolution of cookie banner patterns, this add-on ended up requiring a significant upgrade to serve its purpose. Various alternatives would eventually become readily available, and it has now got to the point where it simply does not make sense to duplicate our efforts (or those of an open-source community). Instead, we are doing our best to contribute to the new breed — starting with a quick shout out to two specific initiatives: Consent-O-Matic and Brave.
Aarhus University’s Consent-O-Matic has adopted the more tedious approach: rather than simply removing banners altogether (and with them the chance of an accidental or forced “Accept All”), it automatically populates the options provided with your chosen settings. This is similar to what P3P (W3C’s Platform for Privacy Preferences) or even Do Not Track were once meant to do, with the exception that you are treated to the minor distraction of seeing the tool do its job in a minimized window. Consent-O-Matic t works pretty well when facing the most common Consent Management Platforms (CMPs) out there.
For its part, Brave has just announced an approach that is similar to PrivacyCloud’s. Rather than trusting that CMPs will actually respect an individual’s choices (there are far too many precedents of the opposite), Brave’s new release removes banners automatically.
Finally, Ghostery, the good old cookie auditing solution, has just launched a similar feature, providing (in our experience) the most effective answer to some of the most common CMPs.
*****
*Article 5.3 of the EU ePrivacy Directive establishes an opt-in principle for non exempted cookies which is subject to the GDPR’s definition of “consent” (see article 4.11, as well as recitals 32/42, and the EU Data Protection Board’s Guidelines on Consent). In essence, consent cannot be inferred from a lack of action.
