Hacker News new | ask | show | jobs
by dcow 358 days ago
Read: https://gdpr.eu/cookies/ …after you dismiss the cookie banner, of course. I add this not only as a quip but to highlight that even a gdpr explainer website which you’d expect isn’t doing the evil thing of tracking users, has interpreted the relevant laws such that it finds it necessary to promt the user in order to simply explain the gdpr and epd/epr…
2 comments
Latty 355 days ago
> This is not an official EU Commission or Government resource. [...] Nothing found in this portal constitutes legal advice.

It's easier and safer to just claim that you must prompt for everything, and it serves the goal of obfuscating bad behaviour.

Cookies that are functionally necessary to do what the user is there for, not to track them, are OK, that's the spirit and intent of the law. Even if you think the wording means that, realistically, the EU isn't coming after anyone for a legitimate good-faith use of language cookies without a banner, and they'd clarify if that was how they intended to enforce it.

link
jraph 358 days ago
The way I read this proves you wrong:

> Cookie compliance [heading]

> To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must:

> Receive users’ consent before you use any cookies except strictly necessary cookies.

(emphasis not mine, but would have added it)

link
dcow 357 days ago
A language preference cookie is colloquially considered a preferences cookie, which is included in the except strictly necessary cookies.
link
jraph 357 days ago
I'm not sure what you mean but our ancestor comment describes this clearly.

A language preference cookie is not tracking.

https://news.ycombinator.com/item?id=44426726#44431268

link
dcow 357 days ago
You didn't read what I sent. https://news.ycombinator.com/item?id=44434919

The GDPR is different from the ePrivacy Directive. The EPD is responsible for cookie consent. And it has the language addressing preferences cookies.

link
jraph 357 days ago
I did, I quoted stuff from it, but you are not helping. You should quote the things relevant to the point your are making. Especially when you notice people are not picking up. You also keep saying that gdpr is not EPD, but your link is short on details about this and with this point, you lead me to seek information in sections that are irrelevant.

But I see what you are saying now. That page lists the different purposes, including preference cookies (which include language preferences) and strictly necessary cookies, and I know asking consent is not necessary only for strictly necessary cookies (this page says it, I quoted that part earlier).

If that page is right, you are right and I was wrong. Thanks for persisting.

Well, that would be a shame, and that probably would explain why cd.cz makes me pick English each time I visit. I was assuming they could just save this preference in a cookie, but they obviously wouldn't be able to since I didn't provide consent, since I hide the cookie banners and they don't ask for consent later when needed.

Now, that page is not authoritative and I see it criticized here: https://www.reddit.com/r/gdpr/comments/vniefz/strictly_neces...

I guess it it safe to ask consent in doubt, but I'm not yet convinced the language cookie cannot be considered strictly necessary. How can you correctly provide a requested service to a user if you don't use a language they understand, and how storing the language is not for fulfilling an explicit request from them?

link