Hacker News
by GordonS 2026 days ago
I believe you are correct, but I believe you also need to have a cookie/privacy policy page, where you explain what data you are storing and processing. I forget off the top of my head if that's a requirement of GDPR or ePrivacy, but you need to comply with both.
1 comments

Correct, you need a page but not a wall/banner unless you need to seek consent for something.

Again, the law is not all lawyerspeak and it's fairly easy to find if you click my link to the law above. Article 14(3):

> The [website] shall provide the information referred to in paragraphs 1 and 2:

> (a) within a reasonable period after obtaining the personal data [...]

> (b) [...] at the time of the first communication to [the user] [...]

Where "the information referred to in paragraphs 1 and 2" is the basics: who you are, what you collect, for what purpose (marketing or so), retention period, what the user's rights are, and other things that may apply from the lists in those paragraphs.

The easiest way to fulfill this is, of course, a nice little link at the bottom with this info laid out for everyone.

This is also perfect if you're Google and your products, taken together, process basically every piece of data about a human going about their daily life. Then you basically say "we collect basically every piece of data that you supply or that we can otherwise get our hands on" and the user is not only none the wiser when they use only reCAPTCHA, but they now also agreed to the rest because that's all in one policy.

By and large I'm still happy that it has improvements over the previous law (most notably enforcement and uniformity between member states) even if there are things to be improved, but I digress. Point is: policy available to read when desired: yes; annoying pop-up banner: NEIN :)