← Back to context

Comment by nightpool

1 month ago

You're correct under the GDPR but incorrect under the older ePrivacy Directive. EU sites need to be compliant with both, and so the cookie banners persist.

11 comments

nightpool

Reply
jraph  1 month ago

Are you sure? That's new to me.

https://en.m.wikipedia.org/wiki/EPrivacy_Directive says

> The Directive provision applicable to cookies is Article 5(3). Recital 25 of the Preamble recognises the importance and usefulness of cookies for the functioning of modern Internet and directly relates Article 5(3) to them but Recital 24 also warns of the danger that such instruments may present to privacy. The change in the law does not affect all types of cookies; those that are deemed to be "strictly necessary for the delivery of a service requested by the user", such as for example, cookies that track the contents of a user's shopping cart on an online shopping service, are exempted.

  • nightpool  1 month ago

    Language preferences are (in all of the deployments I've seen) legally categorized as functional cookies and not strictly necessary cookies. Same with e.g. dark mode/light mode or other preference toggles

  • dcow  1 month ago

    Read: https://gdpr.eu/cookies/ …after you dismiss the cookie banner, of course. I add this not only as a quip but to highlight that even a gdpr explainer website which you’d expect isn’t doing the evil thing of tracking users, has interpreted the relevant laws such that it finds it necessary to promt the user in order to simply explain the gdpr and epd/epr…

    • Latty  1 month ago

      > This is not an official EU Commission or Government resource. [...] Nothing found in this portal constitutes legal advice.

      It's easier and safer to just claim that you must prompt for everything, and it serves the goal of obfuscating bad behaviour.

      Cookies that are functionally necessary to do what the user is there for, not to track them, are OK, that's the spirit and intent of the law. Even if you think the wording means that, realistically, the EU isn't coming after anyone for a legitimate good-faith use of language cookies without a banner, and they'd clarify if that was how they intended to enforce it.

    • jraph  1 month ago

      The way I read this proves you wrong:

      > Cookie compliance [heading]

      > To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must:

      > Receive users’ consent before you use any cookies except strictly necessary cookies.

      (emphasis not mine, but would have added it)

      4 replies →