It's not about personal preference. The GDPR does not talk about a "reasonable default", but about "freely given, specific, informed and unambiguous" consent from the user. There must be a "clear affirmative act" by the user, so consent has to be opt-in.
There's no penalty for prompting when consent is not needed, so everyone just decided to prompt of their own volition to minimize legal risk. The law doesn't force sites to prompt, but it effectively forces users to answer prompts.
I wouldn't actually mind that. What does annoy me is that most prompts are heavily biased to make you give consent - e.g., declining is made a lot harder than just blanket accepting.
The reasons for those are obvious and somewhat understandable from the companies' POV. Nevertheless, I don't see how a prompt employing dark patterns constitutes free and informed consent.
As such, I'm glad this descision seem to go in the same direction.
...while not apparent on the main page (I'm sure they'll fix this in time), if you click on any item, no matter which item, there will be a little "Prop 65" warning notice, with a link to this page (rendered as a dialog):
more precise: for every website that wants to use cookies and choose (or had to choose for lack of alternatives) consent as their justification for processing. Not all data processing requires consent.
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
---
My estimate is that over 90% of popular web sites that use cookies -- use users' "personal data" (according to this definition).
That is why I wrote "website that wants to use cookies".
I, probably, should not focus on "cookies" and focus on "website personalization" instead.
Almost all popular websites use "personal data". GDPR forces these websites to present "consent form" to users, whether users want to answer that consent question or not.
I, as a user, do NOT want to be forced to see that "consent" question on my first visit of a website, but GDPR forces me to. That is abuse of government power.
> My point is that GDPR is bad (for internet users) at the very core (intent) of GDPR legislation.
You're conflating interests of internet companies and interests of users a lot here. No doubt, this is not in the interests of internet companies - however, I fail to see how it's actually bad for users.
If you're ennerved by the cookie banners and don't care about your privacy, you're always free to click the prominent "accept all" buttons and continue like before.
