Thanks, appreciate it. I definitely misunderstood ‘legitimate interest’ cookies as ‘strictly necessary’. It looks like the laws are vague and still in development. I’m not in the EU but it’s been fun diving into this discussion and the laws!
Nice, this is also what I found. More from the GDPR website but still vague.
There are 2 more questions it sounds like OP is asking -
I didn’t see any answers to these questions in my quick read-through. Nothing about default settings on the GDPR website and the menu thing sounds like obfuscation. Now whether it’s to make the cookie menu more user friendly or gather more data for the company… or both? Don’t know. The GDPR website does mention that
The rules regulating cookies are still being set, and cookies themselves are continually evolving, which means maintaining a current cookie policy will be a continuous job.
So maybe the legal side for this is still in the works.
It would help to clarify in the post that you’re interested in the legal aspects for the EU under the GDPR.
To answer your question though, on the GDPR website I thought these snippets were the most helpful:
To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must:
- Receive users’ consent before you use any cookies except strictly necessary cookies.
…
Strictly necessary cookies — These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user.
…
The rules regulating cookies are still being set, and cookies themselves are continually evolving, which means maintaining a current cookie policy will be a continuous job. However, properly informing your users about the cookies your site is using and, when necessary, receiving their consent will keep your users happy and keep you GDPR-compliant.
Edit: Sorry, forgot the ELI5. As long as the website informs users why a cookie is necessary for the website to function correctly, it can be classified as ‘strictly necessary’ and not require consent. As far as what’s “necessary”… that’s still being defined and will probably be reviewed on a case by case basis.
You’re the best. These are gorgeous, thank you!
Wow, thank you! There are some great backgrounds in there!
Do you have a link for that background? It’s straight fire.
I’m sticking around to see if someone has a good spring tutorial.
That’s just cruel.