Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It's easy: if you as a website owner transfer personally identifiable information to a third party and it's not strictly necessary to provide your service, then you need consent from the user.

If you would refrain sharing that info, you wouldn't need to ask for consent. There is no law that asks for cookie popups



Yes, e.g. there is no law for cookie popups, you can use cookies without consent if you use cookies say for session handling.


I would like more sites asking consent when passing info to a 3rd party becomes necessary (in relation to a requested service, like when you use location services in a phone app, for example) instead of asking for bulk consent for the whole site visit.


Even the EU's own official web portal [1] has a cookie pop-up that covers half the screen of my mobile phone when I visit it.

[1] https://europa.eu/


Probably built by a web gency who added tracking, perhaps even GA, so there was need for a cookie pop up banner. Why that website would need tracking and profiling is beyond me.


I think every website should understand how and by who their website is used. I don't consider this "spying." If you walk into a brick and mortar store the shopkeeper has every right to count that you came in, and watch where you go in the store to optimize it. The web should be no different.

Fortunately there are in fact cookieless analytics systems that people can use to get this information why not being required to have the stupid cookie popup.


"I think every website should understand how and by who their website is used"

1. You don't need cookies or profiling for that - use Simple Analytics et. al.

2. You can ask for my consent, but you can't profile me against my will

3. A brick and mortar store does not profile me without my consent.


Yes, a brick and mortar store can absolutely profile you without consent if they wished, and so can a website. The only condition is not collecting PII.


Difficult, they try from time to time, then they get fake email adresses and fake zip codes in their database.

(Not using loyalty cards or CCs)


FWIW I am a website/webapp owner and use zero third party cookies or services, not even first party tracking (apart from analyzing web server logs from time to time).

Still, the GDPR obviously had some "bugs" which let companies get away with basically showing you "we're tracking you, click OK". Which is a waste of time for the companies and users and doesn't improve users' privacy in any way. So, it was a faulty law that caused damages


Your first paragraph describes GDPR, which does not require cookie popups.

But there is also the e-privacy directive (older than GDPR) that does require a cookie popup for any cookie not strictly required to deliver the service. Regardless of whether it tracks PII. So this also applies if for example you only want to know whether someone is a returning visitor or a new visitor without storing any identifier.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: