
It is not just client storage either, it could also be ephemeral computed fingerprinting with server-side tracking.


No, it is just client storage. The law is explicitly only about client storage:

>Member States shall ensure that the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information in accordance with Directive 95/46/EC, inter alia about the purposes of the processing, and is offered the right to refuse such processing by the data controller. This shall not prevent any technical storage or access for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network, or as strictly necessary in order to provide an information society service explicitly requested by the subscriber or user.

-- Article 5(3) of the Privacy and Electronic Communications Directive 2002

("Directive 95/46/EC" being the old Data Protection Directive, which has been replaced by the GDPR)


Sorry for the misunderstanding on my part. I didn't correctly parse the previous responses.

* Grandparent was talking about getting rid of cookie banners.

* Parent was talking about API to prevent tracking needing an extension for all local storage.

Of course to get rid of the original cookie banners, preventing tracking through other means is irrelevant. But nowadays most sites I visited got rid of the original cookie banners, so in my mind the complaints extend to those, even if it's not correct.


It is GDPR and not PECR that sites responded to with the cookie banners that we deal with today, and GDPR covers a much broader surface area ("processing of personal data").


Sort of, but it's still the ePD, really. The ePD was always there, but largely ignored by both companies and regulators.

What happened when the GDPR came in was twofold:

1. Everyone became acutely aware of data protection legislation, because the GDPR actually had teeth when it came to enforcement.

2. The ePD referenced the Data Protection Directive, and when the GDPR came into force, all references to the DPD became references to the GDPR.

The consequence of #2 is that the hand-wavy "implicit consent" that sites relied on to avoid cookie banners (why show a banner asking for consent if you can just assert you do have consent?) went away - the GDPR made it clear that consent must be explicit.



