|
|
|
|
|
|
by that_guy_iain
1929 days ago
|
|
|
>Your understanding of strictly necessary is incorrect. You do not need to a/b test a website for it to function. It is optional. It doesn’t become legal just because your tech stack makes it difficult, or because you engineer the site not to work without a non-essential cookie. No if a user clicks a button to see the prices at 10 euros but see the prices at 20 euros then that is an issue. That is a rather serious issue, if I show you a price and then when it goes the payment processor on the second request that is illegal. There are many ways of doing things but considering the ICO's list of strictly necessary this falls into it. Also, I use the session id in my logs so I can debug issues such as the user saw x on page then did y so z happened. This is falls under it as well due to it being required for the operation of the website. The fact there are other ways of doing things doesn't remove the fact for my way the cookie is strictly necessary. The system will fail. And yes, the tech stack and the way I built it does affect this. Look at the laws and you'll see a number of times where they say something along the lines of "if feasible". The recommendation from ICO is that you don't need to ask for permission for everything and they kinda make a point of saying that as it's annoying as hell for everyone. |
|
|
I agree with you, that is a serious issue. But that issue is caused by your use of a/b testing, and if you solve that issue with a cookie then you need consent.
The ICO PECR guidance explicitly states that you can not rely on the strictly necessary exemption for analytics cookies.