upvote

points

by rpdillon3 hours ago |
comments
upvoteby norman7843 hours ago|
next
[-]
But it should not be obnoxious, look at steam how is a small banner with two simple actions, vs all other cookie banners.
reply
upvoteby rpdillon3 hours ago|
parent|
[-]
Agreed! Many sites don't actually comply with the GDPR because they don't provide simple tools to control the cookies and instead force you through a flow. Part of my gripe with the law is the way those violations are not being systematically cited.
reply
upvoteby dheera1 hours ago|
prev|
next
[-]
If I see a cookie banner I often bounce.

You'd have much better retention rates if you don't cover up the content the viewer is trying to view.

How would you like it if I shoved a banner in your face the moment you walked into a store and forced you to punch a hole in it in order to view items on the shelves?

reply
upvoteby stephenr3 hours ago|
prev|
next
[-]
> even to know whether they've visited the site before

So uh, don't do that.

You don't need to notify if you use cookies for required functionality like login sessions or remembering a functional setting.

If you're tracking whether they're returning or not your activity is exactly the kind of behaviour the rule is covering because, in legal terms, it's skeezy as fuck.

reply
upvoteby rpdillon3 hours ago|
parent|
next
[-]
It's a site where they log in and we store a cookie.
reply
upvoteby rendx3 hours ago|
parent|
[-]
"Strictly necessary cookies — These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user."

https://gdpr.eu/cookies/

reply
upvoteby rpdillon2 hours ago|
parent|
[-]
Right, and then the legal teams tell me they don't care, and we should put up the cookie banner anyway. I feel like you didn't read my original comment.
reply
upvoteby sensanaty58 minutes ago|
parent|
[-]
That just means your legal team is lazy or incompetent. I work for a massive company that handles extremely sensitive PII and we don't have a cookie banner, because we don't need to have a cookie banner. GitHub doesn't have one, Gitlab doesn't have one.
reply
upvoteby shadowgovt3 hours ago|
parent|
prev|
[-]
> You don't need to notify if you use cookies for required functionality like login sessions or remembering a functional setting

Nobody wants to be the EU test case on precisely how "required functionality" is defined. Regardless of what the plaintext of the law says, it should be self-evident that companies will be more conservative than that, especially when the cost is as low as adding one cooke banner and tracking one preference.

reply
upvoteby rendx3 hours ago|
prev|
[-]
So? You're not arguing that we should get rid of 'reasonable' laws out of misinterpretations of them, are you?
reply
upvoteby rpdillon3 hours ago|
parent|
[-]
Laws should be evaluated on the effect they actually have on society, rather than the effect that we wish they had on society. I am very critical of laws that fail this test, and I think they should be updated to improve their performance. We want the right outcome, not the right rules.
reply