Millo's Musings

GDPR Might Turn Me Into a Brexiter

07 December 2019

In 2011 the Daily Mail ran a ridiculous article about binge-drinking culture at the University of Manchester. According to the Mail, students were playing a “lethal” drinking game called “Tower” where the aim was to put oneself in hospital. They were drinking a “home-made” conconction called “Hulk” in their 21-storey halls of residence; they were “suicidal” and “bloody idiots” who “hate brain cells”; the whole saga was “a depressing new low for Binge Britain.”

Here’s the interesting thing about this article: every single factual detail is wrong. I should know, because I was an undergraduate at Manchester in 2011, and I may have killed a few brain cells while I was there but I can remember enough to tell you:

To be fair, I never learned the exact recipe for Green Monster, but since the Mail got everything else wrong I think it’s safe to assume they got that one wrong too.

And more importantly: if the hacks at the Fail get it this wrong when writing about a topic I understand, how can I trust anything they say on the topics I don’t?

Which brings me to Brexit.

Y’see, I’ve never been sure what to think about the EU, which is exactly why I voted Remain. I’m sympathetic towards the argument that the Mother of All Parliaments should take back control of its sovereignty from the democratically-dubious Brussels bureaucracy, but at the end of the day I must concede that I’m simply not qualified to decide.

But I do know a thing or two about computers. Which is to say that I’ve spent most of the last ten years writing software for a living, and I almost definitely know more than you about how the Internet works. So I feel qualified to say this: even if Brexit crashes the economy and wipes out my life savings, even if it sparks a civil war that turns the whole country into a smouldering pile of rubble, even if it leads to Lily Allen on the throne with Piers Morgan for PM, the whole goddamn thing may be worth it if it means I no longer have to click on these stupid fucking GDPR warnings on every goddamn website I visit.

If you’re fortunate enough to have never had a European IP address, let me explain:

For years, surfing the web from within European borders has been an agonising exercise in clicking “accept” and “okay” on a neverending deluge of pointless pop-ups. You’ve heard of GDPR, which came into force last year, but it actually started much earlier with EU Directive 2009/136, colloquially referred to as the “cookie law”.

That law, described by legal firm Pinsent Masons as “so breathtakingly stupid that the normally law-abiding business may be tempted to bend the rules to breaking point”, requires businesses to obtain your permission before storing “cookies” in your browser. What’s the point? Something to do with Internet privacy:

Image credit: Churchmag

You may be wondering what a “cookie” even is. Congratulations: you’ve already thought about it harder than whoever wrote this moronic legislation. Far from being a nefarious tool of surveillance useful only to snoops and spymasters, cookies are an integral part of how the modern web works. Try disabling them entirely within your browser settings and you’ll see that half of all sites stop working. Cookies are how websites remember who you are from click to click; without them you wouldn’t be able to have login systems or shopping baskets. It’s true that cookies are also used by advertisers to learn more about you, but there are simple ways to avoid this, and even without cookies there are still, sadly, a zillion other ways to track you.

Protecting online privacy by making websites tell you they use cookies makes as much sense as protecting the environment by pulling you over every two miles to remind you that your car burns petrol. And yet here we are.

I’m convinced that the only reason this law exists is because the name “cookie” is catchy and memorable. Some Eurocrat, undoubtedly of the type who uses Caps Lock instead of Shift, heard that his browser was full of “cookies” and thought “oh no! I don’t want cookies clogging up my interweb tubes!” Then he took it upon himself to fix the “problem” despite his total lack of understanding. If cookies had a boring, technical name - something like “HTTP Stateful Session Identifier Tokens” - said Eurocrat would have thought “what the hell does that mean? Guess I’d better leave it to the experts,” and gone back to typing with two fingers and using his birthday as a password.

That was bad enough, but since 2018 it’s been like the cookie law on steroids. GDPR needs no introduction; even if you don’t live in Europe you’ve been annoyed by it, not least by the fifty thousand emails you received when it went into force. I won’t claim to understand every last detail of what GDPR involves (Mark Zuckerberg called it “a very positive step for the Internet”, which is as reassuring as if Harold Shipman had called it a good thing for the NHS), but I know how it’s affected my day-to-day life, and every time I have to waste another ten seconds waiting for the fiftieth GDPR notice of the day to load on my phone, I feel like catching the next flight to Brussels and punching Jean-Claude Juncker in the face.

I can only assume that the conversation at EU HQ went like this: “Hey, you know how every time you install new software you have to click “Accept” below a gigantic block of legalese that no-one reads, understands or takes seriously? Wouldn’t it be great if we made everyone in Europe do that an extra thousand times a day?”

So again, I’m thinking about that Daily Mail article. I know as much about European law as the average Mail reader knows about the Owens Park Tower Challenge. But if EU lawmakers are this transparently clueless when it comes to a topic I understand, what are all their other laws like?

Get New Posts by Email