Asklemmy

43818 readers

1399 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

Open-ended question
Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
Not ad nauseam inducing: please make sure it is a question that would be new to most members
An actual topic of discussion

Looking for support?

Looking for a community?

Lemmyverse: community search
sub.rehab: maps old subreddits to fediverse options, marks official as such
[email protected]: a community for finding communities

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago

MODERATORS

[email protected]

Cookie wall: what is legitimate interest about (lemmy.world)

submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]

18 comments fedilink hide all child comments

Many websites have a - huge- part in their cookie wall, called 'legitimate interest'. I never allow them and i wonder; is this just a loophole to be able to force certain cookies on us anyway?

I can't imagine it is harmless, but i never hear anyone discussing these type of cookies.

EDIT: Everyone, thank you so much for taking the effort to answer. These replies were very helpful and often quite detailed. I've read them all and it certainly gives food for thought. I also read that EU page, which is indeed not really clarifying much.

I agree that we need to do as much as possible to block all these invaders of our privacy, though it is ridiculous that we have to make so much effort to protect ourselves. And i know many people around me, who just let it all happen and are sometimes not even aware of such things as trackers. And honestly, they shouldn't have to be aware, it is infuriating that these things are either allowed, or those companies taking the - small - risk to get away with it, because most people won't bother with law suits and what not, certainly not when so many websites have these shady practices...

Again, thank you; i'm glad i asked :-)

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 6 points 1 year ago (1 children)

True but the GDPR is not the primary legislative instrument here since it deals with general rules for processing personal data. The ePrivacy directive (or PECR in UK) is more important when it comes to cookies since it deals with electronic communication.

The ePrivacy directive states that cookies and similar tracking technologies can only be dropped on a user device after obtaining consent, i.e. no other ‘GDPR’ legal bases such as legitimate interest are available. There is an exception for cookies that are essential or strictly necessary for the website to work. In such cases no consent needs to be obtained. This exception is narrowly interpreted by most EU supervisory authorities.

This may be subject to change though since the ePrivacy directive is in the process of being replaced by the ePrivacy regulation which is said to outline new rules for cookies.

[–] [email protected] 2 points 1 year ago

The practical way this seems to be implemented is that sites report the bulk of cookies and default to off to comply with GDPR, then list a subset of cookies as legitimate interest-based and default those to on with an ambiguous "object" setting.

Guessing the idea behind it is legal advice that legitimate interest swaps from one ruleset to another, but like the previous poster said I'm not sure how well any of this is tested.