GDPR compliant cookies script?

User avatar
Edi
Site Admin
Posts: 1652
Joined: Sun Aug 09, 2015 5:01 pm
Location: Zurich
Contact:

Tue Oct 29, 2019 6:08 pm

kostaslgr wrote:
Thu Oct 24, 2019 2:40 pm
“That decision is unaffected by whether or not the information stored or accessed on the user’s equipment is personal data. EU law aims to protect the user from any interference with his or her private life, in particular, from the risk that hidden identifiers and other similar devices enter those users’ terminal equipment without their knowledge.”
This is very interesting. But what does it mean?

The context is that pre-checked cookie consent is not allowed. Therefore the meaning can also be that pre-checked cookie consent is not allowed also for cookies collecting personal data. In other words: It's about the pre-checking, not if the data are personal or anonymized.

The situation before this court decision was the following:

https://piwik.pro/blog/how-to-do-useful ... onal-data/
Planet Bludit, Tipps, Snippets und nützliche Links. - Newsletter, Informationen zu Bludit (auf Deutsch).
User avatar
Edi
Site Admin
Posts: 1652
Joined: Sun Aug 09, 2015 5:01 pm
Location: Zurich
Contact:

Tue Oct 29, 2019 6:39 pm

kostaslgr wrote:
Thu Oct 24, 2019 2:57 pm
When you say that the script is loaded from another server without the visitor consent, what do you mean? is there any data that is being transfered from the visitor to the cookiebot website?
Exactly. The problem is not a cookie but the script or the two scripts that are loaded from the external server https://consent.cookiebot.com.

With this the user sends data to the server as it happens with every server request (the same you have in your server log as IP address, timestamp, content etc.).
Planet Bludit, Tipps, Snippets und nützliche Links. - Newsletter, Informationen zu Bludit (auf Deutsch).
User avatar
Edi
Site Admin
Posts: 1652
Joined: Sun Aug 09, 2015 5:01 pm
Location: Zurich
Contact:

Tue Oct 29, 2019 10:52 pm

Edi wrote:
Tue Oct 29, 2019 6:08 pm
kostaslgr wrote:
Thu Oct 24, 2019 2:40 pm
“That decision is unaffected by whether or not the information stored or accessed on the user’s equipment is personal data. EU law aims to protect the user from any interference with his or her private life, in particular, from the risk that hidden identifiers and other similar devices enter those users’ terminal equipment without their knowledge.”
This is very interesting. But what does it mean?
As I learned in the meantime this is not part of the judgement:

https://eur-lex.europa.eu/legal-content ... 2017CJ0673
Planet Bludit, Tipps, Snippets und nützliche Links. - Newsletter, Informationen zu Bludit (auf Deutsch).
Post Reply