Hacker News new | past | comments | ask | show | jobs | submit login

Consent form is not needed when cookies are technically necessary. If user's login state or shopping cart would break if they didn't store a first-party cookie, you don't need to ask them for consent for that cookie (as long as it's limited to that purpose).

In other words: if a site displays a consent form, it's already doing something wrong. Not horribly wrong - that's why it's a consent form requirement, and not immediate fine or jail time for the site operators - but wrong nonetheless. GDPR is purposefully structured in such a way that consent is needed only for things that are abusive to users, or were found to carry a significant risk of being used to abuse users.




> GDPR is purposefully structured in such a way that consent is needed only for things that are abusive to users, or were found to carry a significant risk of being used to abuse users.

What the regulators intend is one thing. What paranoid legal teams, particularly common law legal teams, think is another.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: