by capableweb 1065 days ago
> but they're still required to display a cookie banner "notifying" you that cookies are "in use"

Common misconception but this is not true. If you use cookies only for functional purposes (not for tracking for example), you do not need to show any cookie banners. Like if you have a shopping cart and you have a cookie for keeping track of what's in it, it's for functional purposes for the user and hence needs no notice to be used.

The UK's ICO made a handy summary for people who are curious about what the directive actually says: https://ico.org.uk/media/for-organisations/documents/1545/co...

Specifically:

> Exceptions from the requirement to provide information and obtain consent

> Activities likely to fall within the exception: [...] Some cookies help ensure that the content of your page loads quickly [...] Certain cookies providing security that is essential to comply with the security requirements [...]

2 comments

> Common misconception but this is not true. If you use cookies only for functional purposes (not for tracking for example), you do not need to show any cookie banners. Like if you have a shopping cart and you have a cookie for keeping track of what's in it, it's for functional purposes for the user and hence needs no notice to be used.

Personally, I would not put a cookie banner of any kind on my website. However, given this text:

    The term 'strictly necessary' means that such storage of or access to information should be essential, rather than reasonably necessary, for this exemption to apply. However, it will also be restricted to what is essential to provide the service requested by the user, rather than what might be essential for any other uses the service provider might wish to make of that data. It will also include what is required to comply with any other legislation the person using the cookie might be subject to, for example, the security requirements of the seventh data protection principle.

    Where the setting of a cookie is deemed 'important' rather than 'strictly necessary', those collecting the information are still obliged to provide information about the device to the potential service recipient and obtain consent.

I think it's clear why a more risk-conscious organization like Meta might take a more conservative reading of "Strictly necessary" that does not apply to e.g. bandwidth optimizations related to a device's DPI.

You'll notice those last three words "and obtain consent".

Either the cookies are strictly necessary, in which case there is no need to display a banner, or they aren't, in which case you have to ask the user for consent.

"List non-necessary cookies, but don't ask for consent" isn't an option.

They are not necessary.

> One of the ways we use cookies is to show you useful and relevant ads on and off Project Aria.

But it's easier and less risky to just always put in the standard language that everyone ignores and mindlessly clicks through anyway. Which is why this was very silly legislation. People helping develop future legislation (in the EU and elsewhere) should be aware of this as a cautionary tale of incentivizing theater with only cost and no benefit.