by illiarian 1174 days ago
> However, cookie notification banners are nothing to do with GDPR! They are to comply with an earlier (but still active after GDPR) bit of legislation, the 2002 'ePrivacy Directive' (sometimes known as the "cookies law").

The cookie banners people are now complaining about are literally companies skirting or otherwise breaking GDPR. Because they now have to ask for your consent before they siphon your data and sell it wholesale to the highest bidder.

1 comments

Sorry if I wasn't clear, there's confusion between banners put up because of GDPR and actual 'cookie banners'.

There are certainly plenty of examples of poorly implemented banners attempting to comply with GDPR while not actually being compliant, where consent is required, but I wouldn't call those 'cookie banners' since they generally talk about privacy and personal data, not just about cookies/local storage.

My point was that there are plenty of websites that don't need to comply with GDPR (because nothing they do falls under its scope), but they still need to comply with the ePrivacy Directive and therefore there are plenty of cookie banners used for that purpose that are a perfectly acceptable way of complying with that law - though because people are more familiar with GDPR than with the ePrivacy Directive, they see those banners and think it's a non-compliant attempt at dealing with GDPR.

I wish they'd update the ePrivacy directive :)

---

I think, but don't quote me on that, that with ePrivacy you don't really need a banner, but an explanation that you use cookies. But that is a minor issue.

I think there is an update being discussed? Away from my desk but will look in a bit.

I saw this discussed in my Twitter feed today, so second-third-hand account is that the update has been in the works for almost a decade, being fought tooth and nail by the same companies that fight any other privacy initiative.

Hearsay and rumors, so don't take this seriously

Ah yeah, this is what I came across earlier when looking for the full 2002 text: "Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications)"

But it's from 2017... https://eur-lex.europa.eu/legal-content/EN/TXT/?darkschemeov...

(If the twitter discussion was interesting, any suggested accounts to follow for this sort of topic?)

It was a couple of acquaintances discussing GDPR :)

I guess you'd want to follow

- Felix Reda https://twitter.com/Senficon (former European MP for the Pirate Party)

- NOYB EU https://twitter.com/NOYBeu (fighting the GDPR fight)

- Max Schrems https://twitter.com/maxschrems (https://en.wikipedia.org/wiki/Max_Schrems)

These are more or less the usual suspects you'd follow :)