by whstl 510 days ago
> in fact you can't collect any data from the visitor device

But this is not true.

You can definitely collect and store all sorts of data (including PII) for legitimate purposes, and without a cookie banner. For example: collecting and storing data required to provide the service itself requested by customers, login data, collecting an address for delivering a package, shopping cart persistence, language selection, some preferences, fraud detection, rate limiting, DDoS protection, JS polyfill application, logging, resolution optimization.

By the way, ePrivacy is not really about the data collection itself (this is more in the GDPR's wheelhouse), but rather about storage in the user's device, among other things.

As for the legitimate purposes regulated by the ePrivacy Directive, the Matomo link in the article also mentions them, in the "When Consent Is Not Required" section. You posted a link to it yourself, here: https://news.ycombinator.com/item?id=42820474

Here's a demonstration of how cookie banners are redundant if you only have legitimate purpose: you can click "deny" and the website still works and performs collection and storage. "To still work" is legally required by the GDPR. For those cases, all you need is a Privacy Policy.

In fact it would be impossible to comply with both ePrivacy and GDPR at the same time if consent was required for legitimate purpose actions!

And of course: as long as you reuse any of this legitimately collected data for advertising or analytics, you need extra consent, but I assume this is clear.