GDPR: Is It Worth It?

[fmbb]

GDPR.eu is operated by Proton AG, a Swiss technology company offering privacy-focused online services.

It’s not an EU site.

[shagie]

Nonetheless, is it possible for the site to fulfill its obligations under the GDPR without needing a cookie or other tracking information that would warrant needing to say "you are being tracked"?

    GDPR.EU is a website operated by Proton Technologies AG, which is co-funded by Project REP-791727-1 of the Horizon 2020 Framework Programme of the European Union. This is not an official EU Commission or Government resource. The europa.eu webpage concerning GDPR can be found here. Nothing found in this portal constitutes legal advice.

The "here" link goes to https://commission.europa.eu/law/law-topic/data-protection/r...

Would you be surprised if there was a big banner at the bottom of the page that read

    This site uses cookies. Visit our cookies policy page or click the link in any footer for more information and to change your preferences

[janosd]

As far as I can tell, yes. If cookies (or other means of storing data on the users computer) are strictly technically necessary, and no data collection takes place as a legitimate interest, and you do not process data requiring consent, neither the ePrivacy directive nor the GDPR requires you to create a cookie banner. Needless to say, I'm not a lawyer and this is not legal advice.

On a technical level this would likely mean turning off access logs and other tracking mechanisms. (IP addresses are considered personal data last I checked.)