-83

Starting the week of September 29, 2025, we’re introducing an updated cookie consent banner for our global users outside of the EEA/UK. This new banner is designed to make managing cookie preferences more intuitive and straightforward.

With this update, new users and site visitors outside of the EEA/UK will now be automatically opted in to having non-essential cookies deployed on their browsers. However, we remain committed to giving you full control over your preferences. The banner will include a clear link to our comprehensive cookie policy, ensuring transparency about how cookies are used, and an easy-to-use option for adjusting your cookie settings to suit your needs.

We’ve designed this update to ensure simplicity, clarity, and usability, allowing you to make informed choices with ease.

For users in the EEA and the UK, your current cookie consent modal will remain unchanged. The updated cookie consent banner is shown below.

"By continuing to use this website, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy. By exiting this window, default cookies will be accepted. To reject cookies, select an option from below." Below that are two buttons: "Necessary cookies only" and "Customize settings"

Thank you for your support as we evolve our site to remain compliant with legal requirements.

17
  • 54
    "automatically opted in" is a very creative combination of words. I don’t think they mean what you think they do. Commented Sep 23 at 18:39
  • 7
    wait... where's the accept all cookies button? are the choices here, close the dialog to stay opted in, click necessary only which opts you out of the newly auto-opt-in options, or customize? so, effectively, ignoring the popup or blocking it, will result in opt-in? Commented Sep 23 at 18:48
  • @MisterMiyagi I don't think the problem is in the company's understanding of what those words mean. Commented Sep 23 at 20:52
  • 47
    Can you please not lie to our faces? This obviously has nothing to do with ensuring "simplicity, clarity, and usability", it obviously has nothing to do with letting people "make informed choices". The obvious driver of this change is that you want more users to have these cookies, for your own benefit, not theirs. If it was about what benefits us then you would revert this change based on user feedback. You won't. Commented Sep 23 at 22:01
  • 22
    "By exiting this window, default cookies will be accepted" is a positively bizarre way to "make managing cookie preferences more intuitive and straightforward". Commented Sep 23 at 22:21
  • 1
    Can you clarify at all which cookies we're talking about? All cookies across all non-essential categories, or are they specific ones? Commented Sep 23 at 23:17
  • 4
    What happens if we have DNT or GPC set? In particular how do these explicit opt out requests impact users who are protected by the CCPA? Commented Sep 24 at 2:55
  • 1
    Please specify the meaning of EEA in the context of this post. You (purposely?) chose an acronym that can mean multiple things ranging from European Environment Association to European Economic Association so some clarification is due. Commented Sep 24 at 9:49
  • 19
    @ꓢPArcheon In context of legal stuff, I've only seen EEA mean European Economic Area (Essentially EU + few other countries, where some EU regulations kick in for the other states). The term EEA/UK covers basically the same ground of countries that are under EU-compatible legislation because even though the UK is part of neither the EU any more, nor has joined under the EEA, it still has the remnant laws that were accepted while they were part of the EU. The UK cookie consent law is EU-compatible as it was an EU directive. Commented Sep 24 at 10:36
  • 4
    Users are advised to manually opt in at Privacy Badger. Only for those who don't want greedy, soulless US companies tracking their activity online - those who like that and enjoy it may opt out. Commented Sep 24 at 15:07
  • 2
    @zcoop98 Yes, this will cover all non-essential cookies, like performance, functional, and targeting ones. If you’d rather not allow these, you can adjust your cookie settings or pick ‘Necessary cookies only’ in the updated banner. The Cookie Policy outlines more details about the cookies we use. Commented Sep 24 at 18:49
  • 12
    Absolutely nobody wants to be tracked by advertisers. I have no problem with Stack Exchange using my data on site to show me more suitable ads, but I have zero interest in any of my data being sent to advertisers. The only people giving consent to advertising vendor cookies are the ones who did that by accident. Commented Sep 25 at 12:08
  • 1
    @Arfrever we are dedicated to remaining compliant with legal requirements wherever applicable. Commented Sep 26 at 16:50
  • 1
    "Thank you for your support as we evolve our site to remain compliant with legal requirements." It's evolving, just backwards. Commented Oct 18 at 2:43
  • 3
    @ResistanceIsFutile “Absolutely nobody wants to be tracked by advertisers.” – I would challenge that statement. There are people (myself somewhat included) that prefer personalized ads to non-personalized ones. (But I also prefer non-intrusive ads to intrusive ones, so I do use ad blocking software for intrusive ads.) Commented Oct 20 at 13:04

9 Answers

62

We’ve designed this update to ensure simplicity, clarity, and usability, allowing you to make informed choices with ease.

This very clearly isn't the case, especially compared to the previous dialog: the previous version of the Cookie Policy dialog, which has the additional "Accept all cookies" button

The "X" in the corner of the new dialog is universally understood to mean "dismiss this dialog," not "I affirmatively consent to tracking cookies." Going against user expectation is not usability. The new dialog is a rejection of affirmative consent, simplicity, clarity, and usability. Having explainer text that indicates that the X won't do what you'd usually expect is not simpler than the "Accept all cookies" button clearly indicating what it does.

58

I'm all for simplicity, but I have a few issues with this.

First, setting non-essential cookies is wrong, from a privacy perspective. In any kind of privacy-first model, the default should be to set only the essential cookies and allow people to opt-in to other cookies that enhance the user experience at the cost of privacy.

Second, saying that users will be "automatically opted in" is wrong. A better phrasing would be to say that users must now opt out of non-essential cookies. The phrasing of calling this an opt-in is a misdirection. In fact, I had to read this post twice to understand that the change is harmful to privacy.

1
  • 9
    "In any kind of privacy-first model": Whatever makes you think SO-the-company has any kind of privacy-first model? (I think this very post demonstrates that what they have is a profit-first model, as if we didn't know that already.) Commented Sep 23 at 20:53
36

There is no such thing as being automatically opted-in.

A feature that is "automatically opted-in" is called an opt-out feature. Don't assume that your users are blind enough to not realize this. This is about as silly as one saying they're volunteering someone else for a task they do not want to do. Just be honest and say "we've decided to make advertising and tracking cookies opt-out so that users are less likely to stop us from tracking them".

You are not "allowing users to make informed choices". You are implementing a non-desirable (but potentially profitable!) setting and using tricky wording to fool users into leaving cookies the way they were set without realizing the implications of that decision. That is called misinforming users.

This misfeature can be reported to EFF's dark patterns tipline.

2
34

Essentially, you are only doing what you are forced to by law. Nothing more.

That's a choice you're making. It does say something about how the company views these kinds of privacy and tracking topics.

8
  • 2
    Are there actual regulations not allowing that in big countries outside the EU/UK? Commented Sep 23 at 19:31
  • 3
    @dan1st I don't think I understand your point. The GDPR requires consent for those non-essential cookies. SE is changing the consent form to not actually require consent for everyone outside the area where the GDPR applies. Commented Sep 23 at 19:51
  • Isn't that new modal for non-EU users only? Are you arguing that the current/old state (which isn't being touched for EU/UK users) violates GDPR or about the new one which is shown to non-EU users only? Commented Sep 23 at 21:01
  • 6
    @dan Neither; they're arguing that the change of behavior, which rolls back privacy measures where they aren't specifically required by law (e.g. GDPR), is doing the bare minimum possible, which says things about how the company values privacy (or more specifically, how it does not). Commented Sep 23 at 22:17
  • @zcoop98 Which specific privacy measures were rolled back when the post mentions that there is no change for EU (and similar) users and that that modal would stay the same? Commented Sep 24 at 15:08
  • 3
    @dan1st Non-EEA users are currently benefiting from the same treatment as EEA users in terms of default cookies. This change makes that no longer the case. EEA users are unaffected. There are no legal ramifications here; that's the point– we're saying it speaks volumes that the company would repeal the privacy protections for users where it is not legally mandated. Commented Sep 24 at 15:17
  • 2
    "Non-EEA users are currently benefiting from the same treatment as EEA users in terms of default cookies." - I see, I didn't know about that. Commented Sep 24 at 15:25
  • For some of us it is not a benefit to have the same treatment as the EEA. Viva Brexit! Commented Sep 30 at 13:47
32

new users and site visitors outside of the EEA/UK will now be automatically opted in to having non-essential cookies

Please don't automatically set cookies that you admit are non-essential. I don't know what is driving this decision, but please just don't.

2
  • 13
    Don't b€ di$ing€nuou$, w€ a££ know the re$son the¥ want to $€t $p¥v€rtizing cooki€$. Commented Sep 23 at 19:18
  • Well, at least in EU humans have rights. Commented Oct 9 at 20:28
26

With this update, new users and site visitors outside of the EEA/UK will now be automatically opted in to having non-essential cookies deployed on their browsers.

This is not only about "new users" though - I get these popups frequently on my phone (iPhone), even when logged in - and in browsers on new machines/devices. What does this mean for me? If I ignore this popup on my phone, will my stored settings be overridden to allow non-essential cookies?

Considering that I get these popups frequently when I've already set my preferences, that implies that the system doesn't adequately communicate my selections to the browser, leaving me worried that they will be overridden at any time. Can you say anything that will allay these concerns?

Additionally - not a lawyer but... - my understanding is that the GDPR rules apply more broadly than this change seems to recognize - including specifically anyone in the EEA/UK and requires active consent - meaning the user can't grant permission through inaction.

While IP-based checks may help (assuming IP is sufficient for determining location), what happens if someone from outside the EEA/UK moves to the EEA/UK for work? Will they be shown the EU variation of the form when their IP change is recognized?

This "simplification" seems to actually make things somewhat more complicated while your existing verification system seems to put existing users at risk of having their settings changed when simply dismissing the form.


An earlier version of this incorrectly indicated my flawed understanding that EEA/UK citizens are covered by GDPR when abroad but further research has shown that's not the case. I do want to recognize that here rather than just editing it out. Apologies for the error.

2
  • I think the latter might be covered by a (necessary) cookie that's storing your preference without an expiration (or a long expiration) - If your configuration does not delete cookies that last long, it would be preserved even if you travel to other countries (assuming you still use the same device). If your device does delete non-expired cookies, I guess that might be on you - but IANAL (and I also have no idea how it applies to EU citizens outside of the EU). Commented Sep 24 at 16:37
  • 4
    @dan1st Apparently I misread the page I was reviewing and interpreted a section about data of people in GDPR areas taken outside GDPR areas as citizens. Further reading indicates that citizens of GDPR areas are not covered by GDPR when outside the area. Commented Sep 24 at 16:57
24

So, if I read this right, basically you are taking the chance to automatically opt in user for unneeded c...okies to increase monetization in any geographic area where this is still legal, while sadly you have to keep this "As Is" in those annoying meddling countries that made this illegal, right?

This means that technically you are rolling back the guardrails that were already in place for the network users and that required explicit consent whenever you can do that legally, while claiming this is "for clarity"?

Congrats. A winner is you. You showed once again your true color. The Bondrew award is one step closer!


Bonus question: Since you can't do this legally in some countries, for example the UK, would you claim that those countries local laws are preventing you from applying a "more intuitive and straightforward" cookie management there too? I am just asking, since you had the brazen face to claim that this is about "making things more intuitive".
Therefore, do you stand to claim that GDPR and other similar laws are preventing you from "making things more intuitive" by requiring explicit consent for non-necessary cookies?

2
  • "So, if I read this right, basically you are taking the chance to automatically opt in user for unneeded c...okies to increase monetization in any geographic area where this is still legal" - Was this (non-essential cookies being there by default though without an opt-out dialog outside of EU and similar countries) not the case already? Commented Sep 24 at 15:10
  • 12
    @dan1st I assume it wasn't. Think about it: in the EU zone they are required to not enable optional non-necessary cookies unless the user gives consent. This means that closing the dialog with the [x] button has to keep the optional cookies disabled in order to be compliant. Since before the dialog was the same for every country I can't really believe that they had actually TWO identical dialogs with different behavior... If anything because then it would mean that they were deceptive all along (different countries get different result for the same action) and there was no need to come out now Commented Sep 24 at 15:26
16

visitors outside of the EEA/UK will now be automatically opted in to having non-essential cookies deployed on their browsers

Initially SE announced they'd give EU citizens GDPR compliance and that all users from other geographic areas would get to enjoy the "higher standard of privacy".

Now you're trying to trick users out of going for the "higher standard" so the default is detrimental for them.

I consider this choice dishonest and not to be defending the best interests of the users. I have to ask what's the motivation of SE to make user tracking easier for their affiliated 3rd party providers and what financial gains you expect? Are potential advertisers more likely to pay you if they get increased user tracking in return?

15

Well, dear friends in the US, it was nice to share a protected consumer table with you while it lasted. It seems your freedoms have just been realized and you are back to being a company's cattle.

Make no mistake, there was a perfectly legal and understandable solution in place, and the company went the extra mile, spent money and resources, so they can screw you over and use your privacy as something to be traded away for dollars.

It is up to you whether you like that. It might seem crazy, but sometimes Europe isn't just about pointless bureaucracy. On rare occasions we make laws for a good reason.

Well, I heard Kimmel is back, so your democracy is safe for eternity. If you don't want to be cattle, find out if there is a candidate who wants to prevent that. I have no idea who that would be, but maybe it's time to ask.

1
  • 9
    Luckily we have a vibrant tech sector that gives me the tools to block gratuitous tracking regardless of the consent games companies play. I also can make my traffic look like it is coming from the EEA if I wanted to. The horses were out of the barn as soon as the debate shifted from protecting privacy to getting consent to violate someone's privacy. Any law that allows tracking without explicit compensation for the use of that data is worthless. Then you get actual informed consent because you have to have some way to pay people. Commented Sep 24 at 13:57
