Comment by oliwarner

1 day ago

GDPR requires informed consent before collecting data. It's a wonder we don't have to force everyone through an interstitial consent page.

Yes, this sounds good. This sounds like something desirable. I mean, this is the expectation literally everywhere else so... why not the web?

Also, data collection is fully a choice. You can always choose not to. I've built websites with logins and everything and guess what - no cookie banners necessary. Just don't collect data you don't need.

> GDPR requires informed consent before collecting data.

And this is a good thing, no? I certainly think so.

> It's a wonder we don't have to force everyone through an interstitial consent page.

If the information being tracked is truly essential to the site/app (session management and authorisation data for instance) then no consent is needed; for anything else, ask before you store it, and most certainly ask before you share it with your “partners” or anyone else.

  • There's obviously a lot more real world than they can codify into laws and examples but I think if you can get consent, you should get consent. The ICO:

    > Private-sector or third-sector organisations will often be able to consider the ‘legitimate interests’ basis in Article 6(1)(f) if they find it hard to meet the standard for consent and no other specific basis applies. This recognises that you may have good reason to process someone’s personal data without their consent – but you must avoid doing anything they would not expect, ensure there is no unwarranted impact on them, and that you are still fair, transparent and accountable.

    Session tracking, storing account information, addresses, etc. all seem obvious in any e-commerce system but you still have every opportunity to notify and get consent for that data collection.

    I think you and I both think that data protection is a good thing, I'm just a little more wary of leaning on legitimate usage* as a way to skip formal consent.