|
|
|
|
|
|
by jdlshore
1490 days ago
|
|
|
Cookies aren't part of the GDPR, so they must be part of the ePrivacy Directive. Consent is part of the GDPR, but the way I've seen it operate in practice is widely out of compliance. You're supposed to ask for consent in each specific instance of data collection, not present a blanket approval, and default to "no." |
|
|
Cookies and the GDPR The General Data Protection Regulation (GDPR) is the most comprehensive data protection legislation that has been passed by any governing body to this point. However, throughout its’ 88 pages, it only mentions cookies directly once, in Recital 30.
Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.
What these two lines are stating is that cookies, insofar as they are used to identify users, qualify as personal data and are therefore subject to the GDPR. Companies do have a right to process their users’ data as long as they receive consent or if they have a legitimate interest.