undefined | Better HN

0 pointsJochim4y ago0 comments

> “Page views per session”, most likely not essential (though you can make the argument they are), but if you’re not installing an identifier on the user to track them (for example, they’re signed in and you’re aggregating as such), then you don’t need to ask for consent.

GDPR might allow for this but other data protection laws might not. In the UK if you want to use an authentication cookie for any other purpose you're required to request permission[0]. Weirdly the guidance also states that consent is also required for persistent login cookies.

[0] https://ico.org.uk/for-organisations/guide-to-pecr/guidance-...

0 comments

scrollaway4y ago

Yes, you're quite right; I'm talking about GDPR, but other data protection laws may apply and may be stricter.

Also, these are general guidelines and may not be compliant to 100%. But the clients I deal with do not usually need to worry about absolute compliance, otherwise they'd be hiring teams of actual lawyers, not me.

j / k navigate · click thread line to collapse

0 pointsJochim4y ago0 comments

[0] https://ico.org.uk/for-organisations/guide-to-pecr/guidance-...

0 comments

scrollaway4y ago

Yes, you're quite right; I'm talking about GDPR, but other data protection laws may apply and may be stricter.

j / k navigate · click thread line to collapse