by akie 1837 days ago
You want to avoid cookies entirely so that you don't need a cookie policy and you don't need a cookie banner.

It's also significantly easier to convince a lawyer that you don't need these things if you can prove that there are no cookies whatsoever. And even then they'll be suspicious.

It's harder than it looks: just embedding a YouTube video, for example, already sets third-party cookies. Same with embedding a Twitter feed or Google Analytics. There are solutions for all of these things, but the standard/easy way of doing these things means your user gets a third-party cookie, which means you need the banner.

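The comment above claims that the only argument that satisfies a cautious lawyer is "we have no cookies at all", and that embedded third-party content quietly breaks that claim. Below is an added example (not code from the thread or from any of the services it names) of the check a practitioner would run before making that claim: it parses the Set-Cookie headers of the responses a page loads and reports which cookies come from the site itself and which from a third party. It assumes a simplified same-site test on host names (no public suffix list, so registrable-domain edge cases such as co.uk are not handled), and the responses, host names and cookie names are constructed for illustration.

```javascript
// Added example: classify cookies set while loading a page as
// first-party or third-party. Not taken from the HN thread.
// Assumption: same-site is approximated by host name equality or a
// subdomain relationship; a real audit should use the public suffix list.

function parseSetCookie(header) {
  // Split "name=value; Attr=val; Flag" into a cookie object.
  const [pair, ...attrs] = header.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

function cookieDomain(cookie, responseHost) {
  // A Domain attribute widens the cookie to that domain; otherwise the
  // cookie is host-only for the responding host.
  const d = cookie.attrs.domain;
  if (typeof d === 'string' && d) return d.replace(/^\./, '').toLowerCase();
  return responseHost.toLowerCase();
}

function sameSite(hostA, hostB) {
  // Simplified same-site test (assumption: no public suffix list).
  return hostA === hostB || hostA.endsWith('.' + hostB) || hostB.endsWith('.' + hostA);
}

function classifyCookies(pageHost, responses) {
  const report = [];
  for (const r of responses) {
    for (const header of r.setCookie) {
      const c = parseSetCookie(header);
      const domain = cookieDomain(c, r.host);
      report.push({
        name: c.name,
        domain,
        from: r.host,
        thirdParty: !sameSite(pageHost.toLowerCase(), domain),
      });
    }
  }
  return report;
}

// Constructed sample: the page sets one session cookie, a static host sets
// none, and two embedded third-party resources set their own cookies.
// Hosts and cookie names are illustrative, not captured from real services.
const sampleResponses = [
  { host: 'www.example.org', setCookie: ['sid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax'] },
  { host: 'static.example.org', setCookie: [] },
  { host: 'embed.video.example', setCookie: ['pref=1; Domain=.video.example; Path=/; Secure; SameSite=None'] },
  { host: 'stats.tracker.example', setCookie: ['_vid=xyz; Path=/; Max-Age=63072000'] },
];

for (const row of classifyCookies('www.example.org', sampleResponses)) {
  console.log(`${row.thirdParty ? 'THIRD-PARTY' : 'first-party'} ${row.name} (${row.domain}) via ${row.from}`);
}
```

Feed it the responses from a HAR export or a proxy capture of a fresh profile loading the page, and any THIRD-PARTY row is exactly the kind of embed the comment warns about; an empty report is the "no cookies whatsoever" claim, backed by evidence rather than assertion.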

> You want to avoid cookies entirely so that you don't need a cookie policy and that you don't need a cookie banner.

Wrong. Functional cookies are exempt.

Of course I know that, but did you ever talk to someone who is not in technology but does have a say in determining what "we" need to do to cover "our" asses?

Say, a lawyer with the responsibility of ensuring that all of our websites implement all of the relevant regulations?

You would think that they are up to date on what regulations you need to follow, but you'd be surprised. Many take a blanket "no risks under any circumstances" approach. These types can only be placated with the "we don't have any cookies at all" argument. And even then only barely.

The statement isn't "Wrong."; it's just overly strict.
What are "functional cookies"? Are analytics/telemetry cookies functional? Are cookies identifying Google users so they can receive targeted content but also ads "functional"?

GDPR never bothered to specify. This is why GDPR is broken and sadly it broke the web.

Have you tried finding the answer to your question online? There are clear examples of what "functional cookies" mean, even straight from the EU.

There are many opinions online, but there is no authoritative, definitive answer. GDPR was made vague by design "to prevent future exploits". Even lawyers are arguing the details, three years after its introduction.

This made GDPR in effect one of the most expensive regulations we had to implement as IT companies. It is also so incredibly punitive that everybody chose to implement it in the most conservative way possible, at the expense of the UX. Thus the cookie popups and banners.

Instead of ranting and providing nothing but conjecture about how "expensive" GDPR is (whatever that means), or insinuating that lawyers "arguing" about something proves that legislation is ineffective (that's literally their job), refer to first hand sources and ask constructive questions in good faith about what you don't understand. Here's one example: https://gdpr.eu/cookies/

Both first party session cookies and "shopping cart" cookies are mentioned as explicit examples of cookies that do not require prior consent and are unlikely to cause any concern.

Please do not use that website. It presents itself as an authoritative resource, but it is not actually an authoritative resource. Nor, frankly, even a very good one.

Actual first party resource: https://ico.org.uk/for-organisations/guide-to-pecr/guidance-...

ICO is literally the agency that issues fines for GDPR violations in the UK. They have a lot of explicit guidance about what's OK and what's not.

More detailed guidance on the "strictly necessary" exemption: https://ico.org.uk/for-organisations/guide-to-pecr/guidance-...

Then why does the very gdpr.eu website have a cookie banner at the bottom of the page?! There is clearly no session or shopping cart going on.

The GDPR doesn't even mention cookies.

It's the ePrivacy Directive that regulates them (or, more precisely, "information stored in the terminal equipment of a subscriber").

And the ePrivacy Directive does, in fact, define what's allowed without notifying the user:

"any technical storage or access for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network, or as strictly necessary in order to provide an information society service explicitly requested by the subscriber or user."

This kind of vague, high-level language is exactly why, if you reject cookies, you'll receive the same damn popup next time you visit the website until you relent and click Yes.

They never tried applying their abstract concepts to the real world until we had to and the result is "The Web of Cookie Popups".