Hacker News new | ask | show | jobs
by kemitche 611 days ago
GDPR isn't a blanket ban on cookies. You don't require a cookie notice for strictly necessary cookies, which you have a "grounds of legitimate interest" for: https://commission.europa.eu/law/law-topic/data-protection/r...

Fraud prevention is listed as an example of a "legitimate interest."

So no, by my layman's interpretation, they would not have been bound by GDPR to notify the user of cookies or other fingerprinting used solely for anti-cheat. They'd run into trouble if they use that same ID for marketing/advertising without consent, though.
2 comments
Retr0id 611 days ago
They're perhaps not required to gather explicit opt-in consent, but my understanding is that they'd be required to disclose what information they collect/store.
link
phire 611 days ago
The same rules apply to the steam ID and IP address.

As far as I'm aware, you can get away with disclosing the fact that you are tracking "unique identifiers for the purpose of anti-cheating" in the terms and conditions, without explicitly explaining the technical details that it's a cookie.

Also, this is a server covering the Australia/New Zealand region, so it doesn't have to worry about GDPR compliance.

link
xxs 610 days ago
>the fact that you are tracking "unique identifiers for the purpose of anti-cheating"

A person can requests to delete their data at any time, and also can request to provide all the personal data collected.

link
consp 610 days ago
This does not apply to fraud. You can store the data if it is relevant to an illegal act, and since cheating voids the ToS of the server ...
link
xxs 610 days ago
fraud is a criminal offense. ToS is in most cases is a wish-washy nonsense talk, legally not enforceable (in the EU)

It's rather hard to make any online agreement that's more lax than the law in the EU (and call it ToS)

link
newZWhoDis 611 days ago
GDPR is toothless eurotrash.

I saw a consent form that had 72 optional, 21 “legitimate interest” cookies.

GFB

link
tmtvl 610 days ago
If GDPR were entirely toothless then they wouldn't have shown you the consent form but they would've just served the cookies regardless. The GDPR is not about reducing the cookies served, it's about letting people opt out.

Unfortunately it is lacking some teeth because normally opting out of all cookies should be as easy and straightforward as opting in to all cookies, but I've seen quite a few forms that hide 'reject all' behind a 'more info' button type of thing. Maybe I could file a complaint about that, I should look into it.

link
Ylpertnodi 611 days ago
That means gdpr is working.
link