|
|
|
|
|
|
by d1sxeyes
2026 days ago
|
|
|
Should is not the same as 'must'. If the cookie is purely functional, and is not used for any other purposes, you are neither required to request consent nor inform, provided it is for a service the user explicitly requests. For example, authentication, preference setting, form submission, etc. are all explicit requests. If your cookies do not require consent, you are not required to explain them to the user (although personally I'd say it's a good practice). EDIT: the above is not true, please check the comments below for further discussion. |
|
|
Nitpick: you are actually required to explain it, but not by shoving a banner in their face. You can explain it in the privacy policy, to be retrieved on demand by the user themselves.
See also GordonS' comment elsewhere in this thread, who is correct about the need for a privacy policy (and I posted a more elaborate comment with more info below it): https://news.ycombinator.com/item?id=25305722