By tracking the user across many websites we can give personal recommendations of new products the user might like based on their surfing habits. For instance depression is correlated with erratic surfing behaviour. By making use of these types of relationships we can offer our customers what they need when they need it.
Another good feature is what we call multisite one-click shopping. Having to enter address, credit number, cvc etc on lots of websites is daunting for the customer and can hurt conversions.
Cool, all sounds useful, so you have no issue asking for the user's permission to do this?
Because it's still not technically necessary for the functioning of whatever it is that the user is trying to do on your particular site.
These are all fine business reasons but (AFAICT) the entire intent of the law is that business reasons are not good enough to track people without their explicit knowledge and permission that that is what you're doing.
(yes of course they fouled up on the coding and execution of the law, bureaucrats were involved)
You didn't originally say "technically necessary," but my argument is not with you. It's with half-baked legislation. Does the legislation make the distinction? You use the phrase "technically necessary for the functioning of..." and the business guys in the company will continue to argue that yes, this is technically necessary for the functioning of their company/website/business etc.
Ask the engineers whether these things are "technically necessary" to facilitate the business plan, because the business plan is the entire reason the company exists. The answer is yes. I'd suspect the workaround is that you just don't do business with people who don't want to be tracked.
Are we going to start legislating every detail of business?
"the business guys in the company will continue to argue that yes, this is technically necessary for the functioning of their company/website/business etc."
Except it's not.
"Ask the engineers whether these things are "technically necessary" to facilitate the business plan, because the business plan is the entire reason the company exists. The answer is yes."
The Business plan is irrelevant. You're clutching at (false) straws here and you know very well what I mean by technically necessary for the functioning of the site, the law and/or guidelines even talk about implied consent covering only what is needed to allow the interaction between a site (the site you are ON, not a third party) and the user). In any other circumstances you have to ask. I don't understand what you find so hard about this - are you setting the cookie to enable the user to have a session on your site? Cool. Are you using it to track their movement? Not cool. End.
"Are we going to start legislating every detail of business?"
Where it starts to impinge on personal privacy, I hope so, yes.
Another good feature is what we call multisite one-click shopping. Having to enter address, credit number, cvc etc on lots of websites is daunting for the customer and can hurt conversions.
/s