by choeger 510 days ago
In the end, it all boils down to this:

1. It is trivial to have a metric about how many requests were made for a link on a site, say a/

2. It is legally very much non-trivial to have a metric about how many requests were made to a/ followed by requests to b/

One way to solve 2. would be to change links based on earlier interaction server-side. So instead of [a/, b/], the requests would be [a/, a.b/]. IMO, this should be legal, but might not be under a strict interpretation of the law.

3 comments

Sounds like the early days of the web, when cookies weren’t widely used.

User sessions were created with a URL query parameter, like `?sessionid=`, and every page would pick up the sessionid and include it in every link on the page.

That is just cookies. What GP was suggesting was a history trail, not a session id.

You can turn on the referrer header for same site, however I suspect the author would argue that this would be contrary to GDPR. There is also the ping attribute on links, but again, if we accept the author's premise...

There's a distinction between first-party data and third-party data. You can view your own server logs - but sending over user data to a service like Google Analytics is what is regulated.

No it's not. Nowhere in the ePrivacy Directive do they specify anything about first- vs third-party data.

It's not explicit in the directive, but it is right there in the working docs so it's pretty clearly a principle:

> the Working Party considers that first party analytics cookies are not likely to create a privacy risk when they are strictly limited to first party aggregated statistical purposes and when they are used by websites that already provide clear information about these cookies in their privacy policy as well as adequate privacy safeguards.

You left out the context of your quote[0], where the Working Party explicitly states that first party analytics are not exempt from Article 5.3. Your quote leads up to their opinion that they _wish_ it was exempt, since it represents little privacy risk, but that it would require the article to be re-visited.

[0] Section 4.3 of https://ec.europa.eu/justice/article-29/documentation/opinio...