
buzer | 1 month ago

"You DON’T need consent for: First-party cookies used just for your own analytics (in most cases)"

They claim that, but the page they link to as the source says "You must...Receive users’ consent before you use any cookies except strictly necessary cookies.". So what exactly makes them think that first-party analytics cookies are "strictly necessary"? The Mastodon link at the start of the page doesn't seem to work.


Aloisius|1 month ago

Case in point, the EU Data Protection Board has a cookie consent banner and only uses a first-party cookie for analytics.

https://www.edpb.europa.eu/concernant-le-cepd/mentions-legal...

pas|1 month ago

that might be overdoing it. I don't know where the current case law is, but IMHO storing a random number and identifying the returning user is not PII (to count how many times that user returned).

now of course if it gets joined with other data it can become PII.

IP address is usually treated as PII, because it can have very high "selectivity" (and with a subpoena can be turned into PII, whereas a site specific cryptorandom cookie id cannot)

gamblor956|1 month ago

Exactly. Analytics is one of the types of data for which permission is explicitly required.

Session auth cookies are the only ones the EU considers strictly necessary.

krageon|1 month ago

Anyone that says the quote is the case doesn't know what they're talking about. For the love of god, just read the law text :(((