undefined | Better HN

0 pointsLazare5y ago0 comments

> as users are supposed to be able to decline cookies and somehow still maintain state; the lawmakers don't understand a session is necessary for things like logins

The lawmakers do understand that, you are allowed to use sessions and cookies for essential tasks like tracking login state, and no popup is necessary in this case.

I wouldn't be shocked if you are correct and many devs are indeed completely ignoring the legal requirements here, but that may be in part due to developers not understanding the legal requirements or believing incorrectly (as you seem to) that the requirements are not technically feasible.

A simple, GDPR compliant solution would be a tickbox for "remember me across visits" next to the login form. If ticked you get a persistent cookie, if unticked just a temporary session that goes away when the browser is closed. No popup is needed.

0 comments

Kiro5y ago

You don't need a tickbox either if it's just a login cookie.

ksec5y ago

Thank You. This is new to me.

If login Cookies are allowed, and your login site already has your profile hence your Ads preference. Why do they still need to use cookies banners?

tomp5y ago

IANAL. It's not about cookies per se, it's about your information and what it's used for. If your information (e.g. a unique ID) is used for something you want (e.g. login), that's fine. If they want to use your information (could be the very same information, i.e. your unique ID / user profile) to track you, advertise to you, sell your profile to advertisers, ... they need extra consent for that.

Xelbair5y ago

Just in case they get sued.

..while their ads preference dialogue has pre-checked options which is clear violation of GDPR...

j / k navigate · click thread line to collapse