|
|
|
|
|
|
by hnbad
1255 days ago
|
|
|
I don't know how bypassing cookies does literally anything, at least not since the GDPR came into effect (let alone ePrivacy). It doesn't matter if the data is collected via cookie, header, HTTP request or carrier pigeon. If you're processing, storing or transferring PII for non-functional (read: immediately necessary to provide the service the user specifically requested) purposes, you need revokable consent via opt-in and you need to be able to provide information to the user about what data you collected and what you did with it. Now that the GDPR and ePrivacy are in effect, PII is radioactive. You need containment, handling and disposal procedures, you need to allow users to inspect it at any time and if you accidentally expose anyone to it that's a major emergency incident. |
|
|