No it's required for all types of tracking including but not exclusively cookies. Only days collection that is absolutely required to provide the service may be collected without consent and for that purpose only.
If a law is realistically unenforceable then it’s unreasonable. A law that requires some agency in Europe to police all of the websites around the world is pretty fucking stupid.
> If a law is realistically unenforceable then it’s unreasonable.
It is enforceable, and there have already been fines.
> A law that requires some agency in Europe to police all of the websites
No, they are not going to police every website in the world.
Once again, if it 6 years later you still couldn't read and understand a rather reasonably written law with multiple explanations and examples, you are a part of the problem.
> Once again, if it 6 years later you still couldn't read and understand a rather reasonably written law with multiple explanations and examples, you are a part of the problem.
It’s not reasonable if it’s written in a way that’s so easy to misinterpret.
People still don’t understand - shit law.
OR
People do understand and implement bad pop-ups and EU doesn’t enforce - shit law.
A law that is not enforced or has been written in a way that isn’t reasonable to enforce is absolutely a shitty law. Pie in the sky laws that have no teeth are worse than no law at all. It just gives room for lots of selective enforcement which is a great way to encourage corruption and shakedown schemes.
After 6 years, Google itself (which has all the lawyers and engineers it needs) has resorted to the same f-ing ugly cookie popup everyone else is using.
> Google itself (which has all the lawyers and engineers it needs) has resorted to the same f-ing ugly cookie popup
Because Google is in the business of dark patterns and wholesale data collection. They couldn't care less about user privacy.
Besides, their entire system is built on the premise of wholesale data collection. Their own engineers admit that they don't know how and where the data is collected and de-google their phones. [1]
> Everybody except those who created the problem in the first place.
For over a decade there have been laws in each country protecting people's private data. Companies kept on ignoring those laws. The countries came together and created a single law for the entirety of the EU.
The essence of the law:
- if you need some data for the functionality of your service, you can collect it
- if you don't need some data for the functionality of your service, you can't collect it unless you explicitly ask the person. And "opt out" has to be the default option, and cannot stop the person from using the service
How is that a problem?
Those popups? Yes, they are annoying, but they also show how every single website sells the data they don't need to hundreds of companies without your consent. And they keep trying to trick you into providing that data. Now this is a problem.
However, you think that it's all fine, everyone should just hoover up all the data they can possibly get their hands on.
> Are they gonna sue every single website who had to put up a cookie popup just because they run analytics?
Yes, theoretically they have the authority to do that. However, no, they are not going to do that. And no, that doesn't mean that the law is bad.
Look at the bottom of the page. It's a cookie banner. It was their law. They had 6 years to implement it on their own website. This is the result. The law is broken.
This is pretty much how it's supposed to work under GDPR. Offering a clear choice without bias. GDPR isn't about banning cookies. It's about giving the user control of their data.
Well then - cookie popups that must be clicked every time you visit a website until you accept them, must be ok with you, since "this is how it's supposed to work under GDPR".
Sorry, but I don't agree. I consider them a scourge on today's Internet. And I find them a horribly steep price for the "privacy" (really just a lousy IP address obfuscation) you gain in their stead.
The choice can be perfectly well saved in a cookie because it's a cookie necessary for site operations. They don't even need approval. Only unnecessary ones do.
To put that slightly differently: warnings/popups are never needed unless you're taking data from your visitor which has nothing to do with the function(s) your offering the visitor.
The GDPR spells out when you're allowed to collect data; asking for consent is basically its emergency escape hatch. You only need to do that if there is absolutely no (functional) reason to get that data, but you want it anyway.
GDPR doesn't spell out anything. It's the most vague f-ing BS I have ever seen. There are no definitions, no guidelines.
6 years later there is no consensus on simple questions like website analytics which is probably the most common usage scenario for the kind of data GDPR covers.
Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data
...
Silence, pre-ticked boxes or inactivity should not therefore constitute consent.
=== end quote ===
> there is no consensus on simple questions like website analytics which is probably the most common usage scenario for the kind of data GDPR covers.
The consensus is there. And it's spelled clearly in the law.
> Please tell me the consensus and guideline for website analytics.
Literally described in one of the links.
> Please tell me the consensus and guideline on how to store the rejection for using cookies
You can use a cookie for that. If it's for a logged-in user, you can store that in the user profile.
> Please tell me the consensus and guideline on what "legitimate purposes" are.
Text in one of the links literally contains a link to further reading on legitimate interest.
> And most of all, please tell me the consensus and guideline for cookie banners and popups
Literally described in both links.
Once again. It's painfully clear that you never bothered to read and understand anything about the law in the past 6 years. Your clueless questions about "why does gdpr and europa sites have cookie banners" only serve as further proof.
The https://gdpr.eu/ website is not official. Its description of "analytics cookies" cannot be found anywhere in the actual GDPR & Co regulations.
> You can use a cookie for that.
Use a cookie to store the literal "No cookies" preference? Great example of the contradictory and irrational text of the GDPR.
> Text in one of the links literally contains a link to further reading on legitimate interest.
More vague and contradictory BS.
> Literally described in both links.
Too bad that description is not actually valid and if you'll actually check the GDPR text (not the non-official gdpr.eu website) you'll find no such descriptions.
Moreover, the cookie banner on both websites is actually illegal under GDPR. Check out https://ico.org.uk/ for a correct (but horrifying) implementation.
You are correct, I am not an every-day GDPR expert. I only encounter it when implementing on various websites and there only for analytics - no ads or anything more.
But its requirements were always for the worse. Because of its vague and contradictory definitions everybody (including me) adopted the safest implementation and thus the current web of cookie banners and popups was born. I hope you are happy with it, it solves nothing but it makes everybody's life worse.
