|
|
|
|
|
|
by cdrx
1932 days ago
|
|
|
Your understanding of strictly necessary is incorrect. You do not need to a/b test a website for it to function. It is optional. It doesn’t become legal just because your tech stack makes it difficult, or because you engineer the site not to work without a non-essential cookie. You could a/b test based on even or odd numbered IP address and not require consent to store a cookie. You can pass the referrer around via query string and not require consent to store a cookie. However, as you said, there is no enforcement of the regulation so the risk of non-compliance is basically zero :) |
|
|
No if a user clicks a button to see the prices at 10 euros but see the prices at 20 euros then that is an issue. That is a rather serious issue, if I show you a price and then when it goes the payment processor on the second request that is illegal.
There are many ways of doing things but considering the ICO's list of strictly necessary this falls into it.
Also, I use the session id in my logs so I can debug issues such as the user saw x on page then did y so z happened. This is falls under it as well due to it being required for the operation of the website.
The fact there are other ways of doing things doesn't remove the fact for my way the cookie is strictly necessary. The system will fail. And yes, the tech stack and the way I built it does affect this. Look at the laws and you'll see a number of times where they say something along the lines of "if feasible". The recommendation from ICO is that you don't need to ask for permission for everything and they kinda make a point of saying that as it's annoying as hell for everyone.