Hacker News new | past | comments | ask | show | jobs | submit login

While I'm certainly not going to argue in favor of the GDPR, the "cooking warning" actually specifically excludes cookies used for things like authentication. It covers cookies used for other purposes, such as trackers.

From my understanding if the cookie is for an account on a website (which usually is only required to store private information such as name, email, address, etc) you would need to display the cookie warning.

Cookies are only affected if they are not a core and essential part of the product's functionality, and can identify the user. You could also argue that authentication may not be an essential part of an app's functionality, but you would not be successful; it's well-established by now.

According to the following you still are required to display the cookie warning/banner, but without the consent requirement.


Exemptions to the consent requirement Some cookies are exempt from the consent requirement and therefore are not subject to preventive blocking (though you’re still required to have the banner and cookie policy in place). The exemptions are as follows:

Technical cookies strictly necessary for the provision of the service. These include preference cookies, session cookies, load balancing, etc. Statistical cookies managed directly by you (not third-parties), providing that the data is not used for profiling Statistical (anonymized) third-party cookies (e.g. Google Analytics)* *This exemption is may not be applicable for all regions and is therefore subject to specific local regulations.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact