undefined | Better HN

0 pointsWaterluvian2y ago0 comments

Indeed. Cookies are incredibly useful for things the user really does want, like staying logged in across sessions/tabs.

0 comments

jefftk2y ago

A login cookie does not require a consent banner, because logging in is an explicit user request. But I didn't log into Sentry in my testing.

orbat2y ago

Persisting login cookies if the user didn't explicitly consent to data collection is specifically _not_ exempted by ePrivacy. To quote a EU Working Group's opinion on this: 'Persistent login cookies which store an authentication token across browser sessions are not exempted under CRITERION B. This is an important distinction because the user may not be immediately aware of the fact that closing the browser will not clear their authentication settings. They may return to the website under the assumption that they are anonymous whilst in fact they are still logged in to the service. The commonly seen method of using a checkbox and a simple information note such as “remember me (uses cookies)” next to the submit form would be an appropriate means of gaining consent therefore negating the need to apply an exemption in this case.'

You can find the full opinion text here https://ec.europa.eu/justice/article-29/documentation/opinio...

jefftk2y ago

Sorry;you're right! I should have given the caveat that the login needs to be accompanied by a checkbox like that.

j / k navigate · click thread line to collapse

0 comments

jefftk2y ago

A login cookie does not require a consent banner, because logging in is an explicit user request. But I didn't log into Sentry in my testing.

orbat2y ago

You can find the full opinion text here https://ec.europa.eu/justice/article-29/documentation/opinio...

jefftk2y ago

Sorry;you're right! I should have given the caveat that the login needs to be accompanied by a checkbox like that.

j / k navigate · click thread line to collapse