|
|
|
|
|
|
by raverbashing
517 days ago
|
|
|
I disagree with the author's assessment: - There is no way the browser can be instructed to not send the browser agent. Moreso it could be argued that this is needed for making the site work (legitimate interest). Though yes, if it's an extra call to an external URL I would say this is problematic - As mentioned by the Plausible opinion, it is not being stored. It is also not an unique identifier As an addendum, when legal discussions happen here it seems they focus a lot more on the fine print than on the big picture. And while the fine print does have its importance, the bigger picture is what has the most impact (though yeah I agree with the 2012 Working Party opinion there) |
|
|
If you process the UA to "make the site work" then yes. One example for that would be a site that has the purpose of showing the visitor their user agent string (like "what is my IP?" sites do for your IP). Another might be to provide a different view for mobile devices though that has largely been solved with responsive design.
If you process the UA to fingerprint visitors to "improve the experience" by showing them ads or performing usage analytics over time to see what works and what doesn't, that's different. Arguably analytics can have a legal basis other than consent but that doesn't give you a carte blanche for what data you can use and how.
> it is not being stored
That doesn't really matter as long as it is PII as processing PII still requires a legal basis even if you don't store it. Collecting, processing, storing and sharing all require a legal basis even if that basis might be trivial.