Are cookies violating if they don't leave the website? It doesn't seem to be a p...

Aperocky · on Dec 6, 2019

By the same logic, are cookie violating if they are stored _somewhere else_ but the service provider are not selling those cookies to other people? what if the service provider have another service provider that provide analytic services to help with serving the website in question?

What's the difference of say, a dedicated cookie storage service company storing the cookie vs. an internal IT team that builds the wheel and store the cookie with analytic services? Especially when the usage of the cookie in both case being limited to the site in question?

This seem to negate the entire idea of programming - do one thing well, and have another thing to another thing well. Which applies to the business world at large.

Wowfunhappy · on Dec 6, 2019

Cookies aren't inherently against GDPR if they're used explicitly for necessary site functionality—you don't even need to tell users about them in that case.

What's not allowed is user tracking.

sjy · on Dec 7, 2019

So why display the cookie warning? I assume it’s an attempt to obtain “consent” to something that would otherwise be prohibited by the GDPR, and in relation to consent the GDPR says:

“Consent should not be regarded as freely given if the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment ... Consent is presumed not to be freely given if it does not allow separate consent to be given to different personal data processing operations despite it being appropriate in the individual case, or if the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance.”

I agree with the grandparent that many cookie warnings seem at odds with the GDPR in this respect.