Dude, I had this exact conversation with our compliance team. They told me I couldn’t write literally anything client-side unless the user agreed. They also insisted that I always show the cookie banner if there wasn’t a cookie. Dumbest shit ever. Used the litany of user bug reports on day 1 to tell compliance to go fuck themselves.
The GDPR literally does not apply for non-personal data. I don’t get why companies are so ridiculous with their cookie banners. Nevermind that they have no qualms violating the GDPR in plenty other places.
Especially the ones that are so fucking obnoxious that you have to go through it to even view the site. I don’t bother most of the time. The banner should be unobtrusive AND there should be a button that rejects all. I shouldn’t have to go and click edit preferences, uncheck a bunch of check boxes, the click confirm. There are some sites that are doing it correctly, but they are few and far between.
Don’t be so quick to dismiss the feedback from compliance teams. It’s possible TOU are written such that you really can’t store data on the client without agreement. It’s also possible that other regulations besides GDPR apply that you may not be aware of, for example those specific to banking or health.
We’re a global company making enterprise software. We have all the certifications including really nasty ones like FedRAMP and HIPAA combined. GDPR is a walk in the park comparatively. I’m well aware of the details and deal with compliance on a nearly daily basis. The only justification was “just to be safe”, which is why they quickly acquiesced to storing the string “false” after pushback.
Dude, I had this exact conversation with our compliance team. They told me I couldn’t write literally anything client-side unless the user agreed. They also insisted that I always show the cookie banner if there wasn’t a cookie. Dumbest shit ever. Used the litany of user bug reports on day 1 to tell compliance to go fuck themselves.
The GDPR literally does not apply for non-personal data. I don’t get why companies are so ridiculous with their cookie banners. Nevermind that they have no qualms violating the GDPR in plenty other places.
Especially the ones that are so fucking obnoxious that you have to go through it to even view the site. I don’t bother most of the time. The banner should be unobtrusive AND there should be a button that rejects all. I shouldn’t have to go and click edit preferences, uncheck a bunch of check boxes, the click confirm. There are some sites that are doing it correctly, but they are few and far between.
The worst is when the banner is unobtrusive, almost unnoticeable, but nothing on the site is clickable until you interact with it
deleted by creator
A single Boolean to no longer show a cookie banner is not personally identifying data.
Don’t be so quick to dismiss the feedback from compliance teams. It’s possible TOU are written such that you really can’t store data on the client without agreement. It’s also possible that other regulations besides GDPR apply that you may not be aware of, for example those specific to banking or health.
We’re a global company making enterprise software. We have all the certifications including really nasty ones like FedRAMP and HIPAA combined. GDPR is a walk in the park comparatively. I’m well aware of the details and deal with compliance on a nearly daily basis. The only justification was “just to be safe”, which is why they quickly acquiesced to storing the string “false” after pushback.