zlacker

[parent] [thread] 6 comments
1. def_tr+(OP)[view] [source] 2018-05-18 11:00:33
The site linked in their profile works just fine with all JS disabled.
replies(2): >>sdoeri+B >>zerost+Q
2. sdoeri+B[view] [source] 2018-05-18 11:12:14
>>def_tr+(OP)
Thanks. I tried to achieve that. As I am surfing with a lot of JS being blocked/disabled, I wanted my own site to be usable for myself.
3. zerost+Q[view] [source] 2018-05-18 11:16:18
>>def_tr+(OP)
i did not mean that the site doesnt work without tracking, but according to the law i should have the option to access the site without being tracked.
replies(1): >>sdoeri+k2
◧◩
4. sdoeri+k2[view] [source] [discussion] 2018-05-18 11:34:30
>>zerost+Q
No. That is just plainly wrong. GDPR allows for tracking without opt in. It just needs to enable you to opt out of being tracked with for example a link to opt out in the privacy policy page. Something I still plan to make more visible (in the footer or something like that), but is already there [0].

These so called cookie layers are not necessary for tracking. They are not even necessary for first party on site advertising. For that you also do not need consent if you read the GDPR/DSGVO (German version).

In the DSGVO it is §6.1f [1] you would want to read about. There is even an elaborate explanation from the German legistlation [2] what "Berechtiges Interesse" ( legitimate interest) exactly means.

So to make this short: direct marketing as well as tracking is totally fine even without consent. Give an option to opt out, explain why you need the data, what you do with it and how long you store it as well as a point of contact (for people wishing for their data to be deleted) and you are fine.

As long as you do not do profiling or stuff like that. A personal blog/website is then totally fine with GDPR. Btw. you would need to add all of this to your privacy page even if you had no web tracking installed, as your webserver probably would have logging activated. Having an IP address in there make this data fall under the GDPR (at least in Germany). So you would need to explain all that stuff because of the log files non the less.

[0]: https://schriftrolle.de/datenschutz [1]: https://dsgvo-gesetz.de/art-6-dsgvo/ [2]: https://dsgvo-gesetz.de/erwaegungsgruende/nr-47/

[Edit:] Ordered the footnotes

replies(1): >>zerost+a9
◧◩◪
5. zerost+a9[view] [source] [discussion] 2018-05-18 12:47:43
>>sdoeri+k2
First of all i did not mean to make you change your blog site - I was just pointing out that the law applies to everything no matter how small.

Second, are you sure about this? My understanding is that if you use third-party tags such as analytics you need to get consent from users and not to use them if they don't consent.

One other thing that is not clear to me is if we need cookie prompts, and how can we implement cookie opt-ins/outs without being able to set cookies.

replies(2): >>spiral+V9 >>sdoeri+wy6
◧◩◪◨
6. spiral+V9[view] [source] [discussion] 2018-05-18 12:54:41
>>zerost+a9
IIRC, the cookie law applies only to third party cookies. So you can freely set a first party cookie to store their opt-in/out.
◧◩◪◨
7. sdoeri+wy6[view] [source] [discussion] 2018-05-22 13:08:29
>>zerost+a9
I am sure. At least in Germany the respective privacy protection agencies (federal system so multiple agencies have their say) already stated, the "pure" analytics and "pure" advertising is ok without opt-in, only an opt-out needs to be provided.

If you do linking of such stuff (like Google Analytics with DoubleClick) you need an opt-in. Only then the opt in cookie banner is really necessary.

Please excuse the late answer - was on holiday.

[go to top]