Self doubt stems from here.

  • AstridWipenaugh@lemmy.world
    link
    fedilink
    arrow-up
    42
    arrow-down
    1
    ·
    1 year ago

    Dude, I had this exact conversation with our compliance team. They told me I couldn’t write literally anything client-side unless the user agreed. They also insisted that I always show the cookie banner if there wasn’t a cookie. Dumbest shit ever. Used the litany of user bug reports on day 1 to tell compliance to go fuck themselves.

    • Knusper@feddit.de
      link
      fedilink
      arrow-up
      43
      arrow-down
      2
      ·
      1 year ago

      The GDPR literally does not apply for non-personal data. I don’t get why companies are so ridiculous with their cookie banners. Nevermind that they have no qualms violating the GDPR in plenty other places.

      • rifugee@lemmy.world
        link
        fedilink
        arrow-up
        19
        ·
        1 year ago

        Especially the ones that are so fucking obnoxious that you have to go through it to even view the site. I don’t bother most of the time. The banner should be unobtrusive AND there should be a button that rejects all. I shouldn’t have to go and click edit preferences, uncheck a bunch of check boxes, the click confirm. There are some sites that are doing it correctly, but they are few and far between.

        • Kayn@dormi.zone
          link
          fedilink
          arrow-up
          26
          ·
          1 year ago

          A single Boolean to no longer show a cookie banner is not personally identifying data.

    • MooseBoys@lemmy.world
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      Don’t be so quick to dismiss the feedback from compliance teams. It’s possible TOU are written such that you really can’t store data on the client without agreement. It’s also possible that other regulations besides GDPR apply that you may not be aware of, for example those specific to banking or health.

      • AstridWipenaugh@lemmy.world
        link
        fedilink
        arrow-up
        8
        ·
        edit-2
        1 year ago

        We’re a global company making enterprise software. We have all the certifications including really nasty ones like FedRAMP and HIPAA combined. GDPR is a walk in the park comparatively. I’m well aware of the details and deal with compliance on a nearly daily basis. The only justification was “just to be safe”, which is why they quickly acquiesced to storing the string “false” after pushback.