top | item 21429665

(no title)

_jomo | 6 years ago

I'd like to point out that GDPR compliant sites don't need to ask permission for strictly necessary cookies.

I also recommend using Cookie AutoDelete for Chrome [0] or Firefox [1]. You can define a whitelist of websites where you actually need Cookies (because you want to stay logged in), and the rest will be forgotten when you close the tab. It even allows different rules in Firefox Containers.

0: https://chrome.google.com/webstore/detail/cookie-autodelete/...

1: https://addons.mozilla.org/en-US/firefox/addon/cookie-autode...

discuss

jopsen|6 years ago

> I'd like to point out that GDPR compliant sites don't need to ask permission for strictly necessary cookies.

That's also my interpretation. If you use cookies for session state, authorization, then it's no problem.

The problem is that every website decided that they needed to track users. Or that asking for permission would minimize liability.

ChrisSD|6 years ago

Even with tracking you merely need a privacy policy in a place users can find. It's considered implied consent to continue using a site if the site makes a reasonable effort to make you aware that such a policy exists.

However, what counts as reasonable hasn't been explicitly defined. The UK government considers it fine to use a header that automatically disappears after awhile (i.e. no need to click "ok"). But other governments may view it differently so I can understand some large organisations being cautious.