by nightpool 1063 days ago
This is common on many, many sites like this because they do not have any tracking cookies or anything else that they would need consent for, but they're still required to display a cookie banner "notifying" you that cookies are "in use" as per the terms of the old 2009 ePrivacy Directive. In this case, it appears that projectaria.com sets 1) one cookie for the user's DPR (1 or 2) so that the backend can serve optimized images, 2) one cookie for the user's locale, and 3) one cookie for a CSRF token for form submission.
3 comments

> but they're still required to display a cookie banner "notifying" you that cookies are "in use"

Common misconception but this is not true. If you use cookies only for functional purposes (not for tracking for example), you do not need to show any cookie banners. Like if you have a shopping cart and you have a cookie for keeping track of what's in it, it's for functional purposes for the user and hence needs no notice to be used.

The UK's ICO made a handy summary for people who are curious about what the directive actually says: https://ico.org.uk/media/for-organisations/documents/1545/co...

Specifically:

> Exceptions from the requirement to provide information and obtain consent

> Activities likely to fall within the exception: [...] Some cookies help ensure that the content of your page loads quickly [...] Certain cookies providing security that is essential to comply with the security requirements [...]

> Common misconception but this is not true. If you use cookies only for functional purposes (not for tracking for example), you do not need to show any cookie banners. Like if you have a shopping cart and you have a cookie for keeping track of what's in it, it's for functional purposes for the user and hence needs no notice to be used.

Personally, I would not put a cookie banner of any kind on my website. However, given this text:

    The term 'strictly necessary' means that such storage of or access to information should be essential, rather than reasonably necessary, for this exemption to apply. However, it will also be restricted to what is essential to provide the service requested by the user, rather than what might be essential for any other uses the service provider might wish to make of that data. It will also include what is required to comply with any other legislation the person using the cookie might be subject to, for example, the security requirements of the seventh data protection principle.

    Where the setting of a cookie is deemed 'important' rather than 'strictly necessary', those collecting the information are still obliged to provide information about the device to the potential service recipient and obtain consent.
I think it's clear why a more risk-conscious organization like Meta might take a more conservative reading of "Strictly necessary" that does not apply to e.g. bandwidth optimizations related to a device's DPI.
You'll notice those last three words "and obtain consent".

Either the cookies are strictly necessary - in which case, there is no need to display a banner, or they aren't in which case you have to ask the user for consent.

"List non-necessary cookies, but don't ask for consent" isn't an option.

They are not necessary.

> One of the ways we use cookies is to show you useful and relevant ads on and off Project Aria.

But it's easier and less risky to just always put in the standard language that everyone ignores and mindlessly clicks through anyway. Which is why this was very silly legislation. People helping develop future legislation (in the EU and elsewhere) should be aware of this as a cautionary tale of incentivizing theater with only cost and no benefit.
Then why does the banner say?

> We use cookies to personalise and improve content and services, deliver relevant advertisements and increase the safety of our users

It’s probably the default language for the company. Technically, that allows them to have tracking cookies even if they don’t have them now.
They explicitly say

> One of the ways we use cookies is to show you useful and relevant ads on and off Project Aria.

Also no, it doesn't let them do that because that's not how the law works. There must be an opt out.

Doesn't it have to be opt in? You need to give consent. You can't give consent until they've told you what cookies there are and click a button. If you don't click, those can't be added if you're in the EU.
Right, I'm sure this is boilerplate language provided by a law firm.
Deceptive
Language is all that matters when it comes to law. It's a blatant violation of GDPR.
What if the banner language suggests they might break GDPR, but in reality they are not doing those things? If my SaaS forces you to select a checkbox that states you're agreeing to allow me to set fire to your house (which is illegal) - would the sign up itself be breaking the law? IANAL, but I don't think it would be; I won't be breaking any laws until I commit arson.
It's breaking the law because you're essentially being forced to consent to something that they legally must give you the option to opt out of. It's not about them doing it, it's about the validity of their request for consent.

If I hire a hitman to murder somebody, but the hitman chickens out, I'm still guilty of having hired a hitman, even if nobody died.

AFAIK, that is not true. Cookie banners are only required if they are used for tracking purposes.