|
|
|
|
|
|
by hnbad
512 days ago
|
|
|
> Moreso it could be argued that this is needed for making the site work (legitimate interest). If you process the UA to "make the site work" then yes. One example for that would be a site that has the purpose of showing the visitor their user agent string (like "what is my IP?" sites do for your IP). Another might be to provide a different view for mobile devices though that has largely been solved with responsive design. If you process the UA to fingerprint visitors to "improve the experience" by showing them ads or performing usage analytics over time to see what works and what doesn't, that's different. Arguably analytics can have a legal basis other than consent but that doesn't give you a carte blanche for what data you can use and how. > it is not being stored That doesn't really matter as long as it is PII as processing PII still requires a legal basis even if you don't store it. Collecting, processing, storing and sharing all require a legal basis even if that basis might be trivial. |
|
|