Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You are allowed a cookie that tracks their opt in to your other cookies, so long as it is anonymous (or so our lawyer tells us).

On our site, we ping whether that cookie is set before we load the rest of the cookies.



Is it acceptable to store a cookie that defaults to "false" provided it is generic? That would solve the problem of not being able to detect if cookies are enabled in the browser until you try to store them.

added: person down thread indicated that there's an API for determining if cookies are enabled for the host on your page's origin called navigator.cookieEnabled which I am shocked I've not seen nor heard of even once before today. Hallelujah. I now agree that everyone who doesn't check that before pestering people about cookies, when JavaScript is available, is literally satan.


We didn't trust using the host cookie settings because most users don't know they exist.

But we were told anonymous cookies were totally fine and within the spirit of the law. If you hit the "Accept" button, you got a cookie that allowed more cookies.


It is acceptable to use cookies in general as long as they are required for the functionality of the site. This includes logging in, shopping carts, gdpr cookiewalls, ...


Even if there was no new API, storing a cookie "just to check if it works" is not against the GDPR. It's a functional cookie.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: