by Sander_Marechal 1837 days ago
It's EU, it varies by country. Each country takes the European GDPR law/guidelines and implements it on the national level. There may be slight differences. Your specific example where opting out must not cost more effort than opting in is specific to the UK GDPR implementation for instance.

The point is that it's not being enforced, so if we assume what you say is true for the sake of argument, then the only way that would be OK was if a different cookie banner was shown for visitors from the UK, which I highly doubt happens in any meaningful percent of cases.
No. The GDPR is an EU Regulation which is, by definition, a binding legislative act. It applies in its entirety across the EU - no exceptions, no opt-outs. EU Member States are allowed to interpret (to a greater or lesser degree) EU Directives when they translate them into national law[1]

The EU GDPR no longer applies in the UK because the UK is no longer a member of the EU. The EU GDPR has been incorporated into UK law (as the UK GDPR) but there's nothing preventing the UK Government varying it at any point in the future[2]

[1] - https://europa.eu/european-union/law/legal-acts_en

[2] - https://ico.org.uk/for-organisations/dp-at-the-end-of-the-tr...

'A "directive" is a legislative act that sets out a goal that all EU countries must achieve. However, it is up to the individual countries to devise their own laws on how to reach these goals.'
> A "directive" is a legislative act that sets out ...

Maybe my wording was a bit vague. How about: "The GDPR is an EU Regulation which is, by definition, a binding legislative act which applies in its entirety across the EU without the need for Member States to pass any further national legislation. This is different to EU Directives, which EU Member States will implement by translating them into their own national law - which in turn does give Member States room to 'interpret' the Directive's requirements - subject to legal challenge in the Court of Justice of the European Union"

And the GDPR is not a directive.
But cookie banners must also adhere to the ePrivacy Directive, which is a directive (as the name implies).