
> You also need a cookie banner in EU in case your website uses any cookies that are not necessary to serve the content.

Not quite, for two reasons:

- The law doesn't care about cookies, it cares about personal data, which includes any data which can individually identify someone (like a cookie associating them with a user account). If you're collecting or processing any personal data, that requires consent, even if you have no cookies.

- The law doesn't care about serving-as-in-content; it cares about providing a service, which could be showing content on a Web site, or could be dispatching orders from a warehouse, or whatever. If someone's personal data is required to provide a service for them, then their consent is implied.

The reason analytics, tracking, ad networks, etc. do not have implied consent is because the people receiving the service (e.g. those buying ad space) are not the people who the personal data is about (i.e. ad companies cannot consent on my behalf!).



You're only talking about the GDPR. But the cookie banners aren't there because of the GDPR, they're there because of the ePrivacy Directive.

It's this directive (which pre-dates the GDPR) that makes it illegal to store or access data on the end user's devices without consent unless it is strictly necessary for the provision of the service.


> makes it illegal to store or access data on the end user's devices without consent unless it is strictly necessary for the provision of the service.

How is that different to what I said above? (Modulo "s/without consent/implicit consent/g")



