GDPR compliant cookies script?

User avatar
Edi
Site Admin
Posts: 3121
Joined: Sun Aug 09, 2015 5:01 pm
Location: Zurich
Has thanked: 54 times
Been thanked: 77 times
Contact:

kostaslgr wrote: Thu Oct 24, 2019 2:40 pm “That decision is unaffected by whether or not the information stored or accessed on the user’s equipment is personal data. EU law aims to protect the user from any interference with his or her private life, in particular, from the risk that hidden identifiers and other similar devices enter those users’ terminal equipment without their knowledge.”
This is very interesting. But what does it mean?

The context is that pre-checked cookie consent is not allowed. Therefore the meaning can also be that pre-checked cookie consent is not allowed also for cookies collecting personal data. In other words: It's about the pre-checking, not if the data are personal or anonymized.

The situation before this court decision was the following:

https://piwik.pro/blog/how-to-do-useful ... onal-data/
Clickwork - Websites mit Bludit | Planet Bludit - Tipps und Snippets
User avatar
Edi
Site Admin
Posts: 3121
Joined: Sun Aug 09, 2015 5:01 pm
Location: Zurich
Has thanked: 54 times
Been thanked: 77 times
Contact:

kostaslgr wrote: Thu Oct 24, 2019 2:57 pm When you say that the script is loaded from another server without the visitor consent, what do you mean? is there any data that is being transfered from the visitor to the cookiebot website?
Exactly. The problem is not a cookie but the script or the two scripts that are loaded from the external server https://consent.cookiebot.com.

With this the user sends data to the server as it happens with every server request (the same you have in your server log as IP address, timestamp, content etc.).
Clickwork - Websites mit Bludit | Planet Bludit - Tipps und Snippets
User avatar
Edi
Site Admin
Posts: 3121
Joined: Sun Aug 09, 2015 5:01 pm
Location: Zurich
Has thanked: 54 times
Been thanked: 77 times
Contact:

Edi wrote: Tue Oct 29, 2019 6:08 pm
kostaslgr wrote: Thu Oct 24, 2019 2:40 pm “That decision is unaffected by whether or not the information stored or accessed on the user’s equipment is personal data. EU law aims to protect the user from any interference with his or her private life, in particular, from the risk that hidden identifiers and other similar devices enter those users’ terminal equipment without their knowledge.”
This is very interesting. But what does it mean?
As I learned in the meantime this is not part of the judgement:

https://eur-lex.europa.eu/legal-content ... 2017CJ0673
Clickwork - Websites mit Bludit | Planet Bludit - Tipps und Snippets
Post Reply