Opt-in vs. Opt-out

[torgo]

Channeled from https://social.mkj.earth/@mkj/111976552125719593:

It seems to me to focus too much on active opt-out rather than active opt-in.

Example:

If I visit example.com and get a pop-up asking me for my cookie preferences before being able to proceed, even if there is a clear option to opt-out reject all cookies, that requires me to take affirmitive action before being able to proceed.

If instead there is a top or bottom bar saying "to enable additional features, set cookie preferences", that allows opt-in to gain additional value.

[darobin]

This seems to be just relitigating consent? I don't see in the draft anything that's about "active opt-out".

[dmarti]

We do say

Both consent and permissions should be requested in a way that lets people delay or avoid answering if they're trying to do something else. ( https://w3ctag.github.io/privacy-principles/#opt-in-out )

and there is more material in https://w3ctag.github.io/privacy-principles/#consent-principles

An actor should not prompt a person for consent if the person is unlikely to have sufficient information to make an informed decision to consent or not.

An actor should avoid interrupting a person's use of a site for consent requests when an alternative is available.

I have been trying to read the document with a view to making sure that none of it looks like a recommendation for sticking annoying fake consent dialogs on everything and so far it looks good.