Hacker Read

tinus_hn · 2022-06-18 03:49:38

You could just set a cookie that is a binary ‘I have already seen you’ value, gdpr only cares if you create identifiers.

Quarrelsome | karma 4172 | avg karma 2.9 · | 2022-11-30 13:16:59

I thought GDPR cared mostly about uniquely identifying visitors which this does not do. You still need a cookie banner to state that you will put some data on their machine but you always need one of those.

abbe98 | karma 1918 | avg karma 15.72 · | 2021-05-31 09:17:06+00:00

This could work for cookies but how would it work for other types of tracking. GDPR is not about cookies per se but about tracking.

dawnerd | karma 7527 | avg karma 2.46 · | 2020-12-04 17:16:49+00:00

Having done a lot of gdpr work recently, this definitely will not fly. Nice idea if preventing cookies is all you care about.

chacha2 | karma 433 | avg karma 2.64 · | 2020-05-06 13:35:26

GDPR only needs a cookie warning if it's used for tracking.

chrisan | karma 2202 | avg karma 3.05 · | 2021-02-24 16:04:41

Thanks for this! I'm at a point where I am way more annoyed by cookie banners all over the place than whatever tracking is being done on me that I almost wanted to go back in time before GDPR, now I don't have to :)

Zak | karma | avg karma · | 2023-01-06 13:47:34

I am not a lawyer or a GDPR expert, but I think that probably wouldn't satisfy the intent of the GDPR any more than current browser capabilities to accept or reject third-party cookies would.

cpeterso | karma 43338 | avg karma 5.73 · | 2019-02-22 18:34:27+00:00

Or GDPR could allow users to send "DNT: 0" (aka "Do Track") to auto-accept all those GDPR cookie prompts. :)

jonny_eh | karma 10706 | avg karma 3.1 · | 2023-01-09 12:44:17

> You can make the state unique in the DB by a user cookie ID

https://gdpr-info.eu/

reply

notpushkin | karma 4321 | avg karma 3.73 · | 2022-11-30 12:39:50

If it’s anonymous and doesn’t collect any user data, why do we need it at all? Would using a cookie for the same purpose (just a counter of visits, resetting every day) trigger the GDPR laws somehow? It would work in literally same way except being transparent to the user instead of utilizing some shady technique.

Rygian | karma 2709 | avg karma 4.25 · | 2023-05-18 12:05:30

GDPR is about tracking, not about cookies.

AdriaanvRossum | karma 1825 | avg karma 9.12 · | 2019-12-14 12:32:52+00:00

I agree with you. It's privacy friendly to have a cookie stored on the browser with a boolean only. Unfortunately it's not allowed by GDPR without asking for consent first. Would be open to other ways without cookies and fingerprinting. I think there is no other way.

GekkePrutser | karma 10335 | avg karma 2.08 · | 2021-06-16 06:26:42

This is pretty much how it's supposed to work under GDPR. Offering a clear choice without bias. GDPR isn't about banning cookies. It's about giving the user control of their data.

oldkn | karma 33 | avg karma 5.5 · | 2020-12-18 11:56:24+00:00

Wait, GDPR only applies to third party cookies? Surely companies can just do the same tracking from their own domain.

mimsee | karma 1007 | avg karma 5.36 · | 2022-03-21 13:19:16

Remember GDPR is a general law about data collection so it could be anything, not necessarily cookies.

feanaro | karma 4052 | avg karma 2.33 · | 2020-12-17 20:12:48

GDPR doesn't care if you're accomplishing the tracking with a cookie or using a different mechanism. You're not allowed to do it either way, unless the user has consented.

JCWasmx86 | karma 1257 | avg karma 7.02 · | 2022-02-25 10:02:38

That's the problem with the GDPR. Excellent idea, but badly executed. Something like the DNT-Header should have been in the law, saying that the user only wants the really necessary cookies.

starbugs | karma 2990 | avg karma 4.22 · | 2023-09-29 09:54:12

A cookie used solely for counting anonymous visits without storing individual identifiers generally wouldn't be considered personally identifiable information under GDPR.

At least that's what I was told. Having said that, this is obviously a complicated and nuanced topic with a lot of grey areas. I guess it's a good idea to talk to a lawyer in any case.

reply

MattPalmer1086 | karma 2957 | avg karma 1.84 · | 2023-04-07 02:40:48

Not this again. GDPR references cookies only once, along with IP addresses and other things, as examples of things that can be used to identify people. It made no law on how all of those things should be handled.

It was the ePrivacy Directive that actually regulated cookie use.

https://gdpr.eu/cookies/

reply

wlll | karma 8390 | avg karma 8.05 · | 2020-11-08 18:56:54

GDPR isn't a cookie law, it's a data privacy law. Cookies aren't the problem, it's what people are doing with the data that's the issue.

You can track people with all sorts of other means other than cookies, you would also need to get people's permission to do this.

reply