(no title)
gruturo | 3 months ago
It absolutely isn't. I set up a blog for a friend where she shows her art and publishes an appearances itinerary/schedule. It doesn't collect ANY info from visitors, therefore requires no cookie banner at all. Simple as that.
HTTP logs are retained for 7 days for security analysis and then wiped. No analytics available, although my understanding is that a self-hosted Matomo instance set to anonymize the last 2 IP bytes of every logline it ingests would still be considered exempt from a banner.
zrn900|3 months ago
There you go. The moment you save any information that can help identify someone for any period, you are within the scope of the law. God forbid you keep the IPS for any reason.
> for security analysis
The law doesnt give a zit about what you do it for. If you retain any personal info or set any cookie, you have to tell the user about it and give options.
> Matomo instance
Hahaha - matomo itself is non-compliant with the law. Its developers think that anonymizing info or collecting bits and pieces for functional info and setting a cookie for that purpose allows you not to show a banner. That's wrong. It doesnt matter for what you collect info or set a cookie - the moment you set a cookie, you have to show a cookie banner and tell exactly what you are collecting and what you are using it for. Even for functional cookies.
The only way you can be compliant with this law is by setting an apache header or something to delete all cookies the moment they are set so that you wont leave any cookie. Even in that case, you may be responsible for you are holding that information even for a few miliseconds. (yeah, you as a techie think that its not important, but law doesnt work that way). Best chance is to have a server that does not set any cookie or collect any info in any way. Good job preventing spam, fraud, ddos with such a setup.