Hacker News new | ask | show | jobs
by ROFISH 1124 days ago
Because it stores data on a user's computer, isn't using localStorage to track sessions still considered to be a "cookie" for ePrivacy Directive purposes? To that end, I don't think it's not "no cookie banner" compliant for the law as it exists today.

(Note: It _may_ be compliant for future updates of the directive coming in a couple of years, but iirc that isn't out yet.)
2 comments
krsdcbl 1124 days ago
just to point it out, laws like GDPR do not mention "cookies" anywhere. It's regulating how you may or may not retrieve and store ANY data that makes an individual identifyable.

The whole "cookie" topic is a dark pattern mostly pushed by ad providers as a friendly word to bypass having to say "may we track everything you do?".

So if it tracks data points that can be used to clearly identify a visitor, or marks the visitor in a way that can be used to personally identify them later, it will need the users consent, regardless of where and how this is stored.

link
thecopy 1124 days ago
The parent was talking about ePrivacy Directive which is a regulation for companies registered and operating in EU. That is where the cookie banner requirement comes from.
link
whstl 1124 days ago
The ePrivacy Directive does mention cookies in its text, but it says "cookies or similar devices", so it clearly includes localStorage, which the 2002 text predates.

And there was NEVER a requirement for a "cookie banner" in its text. Consent under it can be given in any other way that are not as intrusive, but it was the industry who chose the stupid banner and invasive analytics. Also notice that under both GDPR and ePrivacy Directive, consent is not required for cookies/etc with a legitimate purpose. Examples of those have been given under the ePrivacy Directive from almost the beginning, but more explicitly in the "Opinion 04/2012 on Cookie Consent Exemption" which is from 2012 and predates cookie banners.

[1] Here's an example of asking for consent to store a cookie that doesn't involve a banner: https://www.williamgrant.com . It's in the age-check modal.

link
thecopy 1124 days ago
Indeed. The IAB has, imo, purposely made the “consent” modal as confusing and annoying as possible to train users to just accept. All those different purposes… it is all very confusing even for an engineer like me who’s job it is to work with (due to legal department’s conviction that unless we have such a modal we are breaking the law)
link
deprecative 1123 days ago
So, is your proposal for a cookie banner replacement a full-page takeover? That seems less ideal than the banner.
link
whstl 1123 days ago
What "proposal"? I'm talking about the checkbox in the bottom. It is asking for consent to store PII in a cookie, and it doesn't need a banner.

I was answering to a claim that cookie banners are required by the ePrivacy Directive. There is no requirement for banner anywhere there or in GDPR. They were invented by the advertisement industry, and almost all the time are found to be non-compliant.

link
svdr 1124 days ago
This directive is still only a proposal...
link
thecopy 1124 days ago
I think you are mixing that up with the ePrivacy Regulation
link
svdr 1124 days ago
I did, thanks!
link
unmole 1123 days ago
> The whole "cookie" topic is a dark pattern mostly pushed by ad providers as a friendly word to bypass having to say "may we track everything you do?".

Go to https://gdpr.eu/ and tell me what their cookie banner says.

link
openplatypus 1124 days ago
Correct, access to Terminal Device will likely require consent. Local Storage is such access.

But not every access, or cookie, will require consent.

https://wideangle.co/blog/what-is-consent-under-gdpr

link