by privacylawthrow 2012 days ago
Many of the statements about cookie requirements in this thread are wrong.

The rule is simple: If a website uses non-essential cookies, it must inform users and, in most EU jurisdictions, collect consent prior to placing a cookie on the user's machine.

The rationale behind the rule is that companies should not store company information on end-user devices without the user's consent. The rule applies to all non-essential cookies regardless of whether the cookies collect personal data or are used for tracking. The rule does not cover cookieless server-side tracking of users. Sites do not violate the law when they track users without consent using server-side tools. Sites do violate the law even without tracking users if the site does not collect consent for non-essential cookies.

GDPR enhanced the cookie rules by applying GDPR consent requirements to all cookies that involve personal information. Many sites ignored the old cookie rule because EU law did not give data protection authorities much enforcement power. GDPR increased the power of the DPAs to issue fines of up to 4% of annual turnover. Sites previously ignoring the rules put out cookie banners once GDPR came into effect.

edit: To be clear, Github isn't saying that it stopped tracking users. It's saying that it doesn't do cookie-based tracking and therefore it does not need a banner.

1 comments
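The rule described in the post above (essential cookies may be set freely, everything else only after consent) maps cleanly onto server-side code. The following is an added example written for this page, not code from the thread or from GitHub: a small consent gate that reads the user's recorded consent from the incoming `Cookie` header and emits `Set-Cookie` headers only for cookies whose purpose is essential or consented to. The cookie names, the `consent` cookie format and the purpose categories are assumptions made for the illustration.

```javascript
// Added example (not from the thread): consent-gated emission of Set-Cookie headers.
// Assumptions: the site records consent in a cookie named "consent" whose value is a
// comma-separated list of categories, and every cookie the site sets is catalogued
// with a purpose. Cookies not in the catalogue are refused (fail closed).

const ESSENTIAL = 'essential';
const CONSENT_COOKIE = 'consent';
const KNOWN_CATEGORIES = new Set(['analytics', 'advertising']);

// Hypothetical cookie catalogue: cookie name -> purpose category.
const COOKIE_PURPOSES = {
  session_id: ESSENTIAL, // keeps the user logged in
  cart: ESSENTIAL,       // persists the shopping cart
  _analytics: 'analytics',
  _ads: 'advertising',
};

// Parse the consent categories the user has already granted out of a Cookie header.
// Unknown categories are ignored; "essential" never needs consent, so it is not recorded.
function parseConsent(cookieHeader) {
  const granted = new Set();
  for (const pair of (cookieHeader || '').split(';')) {
    const [name, ...rest] = pair.trim().split('=');
    if (name !== CONSENT_COOKIE) continue;
    for (const raw of rest.join('=').split(',')) {
      const category = raw.trim();
      if (KNOWN_CATEGORIES.has(category)) granted.add(category);
    }
  }
  return granted;
}

// Build one Set-Cookie header value with conservative defaults.
function formatSetCookie(name, value, { maxAge, httpOnly = true, secure = true, sameSite = 'Lax' } = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`, 'Path=/'];
  if (maxAge !== undefined) parts.push(`Max-Age=${maxAge}`);
  if (secure) parts.push('Secure');
  if (httpOnly) parts.push('HttpOnly');
  parts.push(`SameSite=${sameSite}`);
  return parts.join('; ');
}

// Decide which of the cookies the application wants to set may actually be sent.
// Returns the Set-Cookie header values to emit and the names withheld for lack of consent.
function gateCookies(desired, grantedCategories, options = {}) {
  const headers = [];
  const withheld = [];
  for (const [name, value] of Object.entries(desired)) {
    const purpose = COOKIE_PURPOSES[name];
    if (purpose === undefined) {
      throw new Error(`refusing to set unclassified cookie: ${name}`);
    }
    if (purpose === ESSENTIAL || grantedCategories.has(purpose)) {
      headers.push(formatSetCookie(name, value, options));
    } else {
      withheld.push(name);
    }
  }
  return { headers, withheld };
}

// Demo on a constructed request: the visitor has consented to analytics only.
const demoRequestCookies = 'session_id=abc123; consent=analytics';
const demoResult = gateCookies(
  { session_id: 'abc123', _analytics: 'v1', _ads: 'seg42' },
  parseConsent(demoRequestCookies),
  { maxAge: 3600 }
);
console.log(demoResult.headers); // session_id and _analytics headers
console.log('withheld:', demoResult.withheld); // [ '_ads' ]
```

The gate is deliberately independent of whether a cookie carries personal data or is used for tracking, which matches the point in the post: the trigger is storing non-essential data on the device, not tracking as such. Throwing on an unclassified cookie forces every new cookie through the catalogue, which is where the "is this essential?" decision gets documented.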

In fact, a trade-off has to happen. A cookie - or in terms of the GDPR, storing data on the end device - does not necessarily have to be technically required for it to be stored without consensus. A shopping cart, for example, can technically be coded as a GET parameter in the URL. However, since a cookie is the technically more sensible way to persist the shopping cart, a cookie can be used. This only needs to be explained - ideally in simple language - in the data processing statement.