If you have a project that doesn't allow users to enter any kind of information but simply displays ads (via Adsense), is that in scope for GDPR or is a proper Privacy Policy enough?
Do you set cookies that are not functionally required for the site to operate? Have to allow opt-in and opt-out of those cookies. Adsense cookies almost certainly fall into this bucket.
Do you set cookies that are required? Need to identify them and inform the user.
Server logs? You probably have ip addresses. Despite what us nerds think the EU considers them personal data.
Thanks for the answer. The only cookies are adsense and those are functionally required to run the site (as it's the only revenue stream). I already use a cookie banner for that.
I run the site behind cloudflare and don't store X-Forwarded-For IP, the analytics software I use immediately anonymizes them before storing them. So I should be fine I hope.
Functional for GDPR does not take into account revenue from my understanding. You’d need a fallback ad solution that doesn’t rely on cookie targeting for users who don’t opt in.
Do you set cookies that are required? Need to identify them and inform the user.
Server logs? You probably have ip addresses. Despite what us nerds think the EU considers them personal data.