HackerTrans
TopNewTrendsCommentsPastAskShowJobs

sqrt2

no profile record

comments

sqrt2
·قبل 4 سنوات·discuss
The Google Fonts case was decided based on the transmission of the full IP address in a jurisdiction (Germany) where there are ways to identify a user by means of that address. CNIL's press release follows a decision by the Austrian data protection authority where the Google Analytics cookies were at issue.

If you can read German, you can look at the Austrian decision directly, the complainant has uploaded it at [1] and the relevant section is D.2 b) starting at page 27.

[1] https://noyb.eu/sites/default/files/2022-01/E-DSB%20-%20Goog...
sqrt2
·قبل 4 سنوات·discuss
Strictly necessary cookies for a service the user explicitly requested. And, importantly, this is true even if no personal data is involved and the process is therefore not covered by GDPR at all -- the cookie clause of e-Privacy Directive applies regardless.
sqrt2
·قبل 4 سنوات·discuss
You're making the mistake of thinking that the cookie consent requirements are somehow a consequence of GDPR. The cookie consent requirements exist separately from and additionally to GDPR as a consequence of the e-Privacy Directive. What GDPR changed in regard to cookie consent is what exactly constitutes "consent", as it updated the Data Protection Directive in that regard, but it did not change when consent for cookies is required.

Other than court judgments, the Article 29 Working Party opinion is the most authoritative opinion you will get on the interpretation of the e-Privacy Directive, which is the "real legislation" that you need to look at.

edit: Nobody claims that the e-Privacy Regulation is in effect, by the way -- of course it isn't, it hasn't even been passed. The cookie consent clause of the e-Privacy Directive is however in effect, and has been since 2009.
sqrt2
·قبل 4 سنوات·discuss
It is not true that "functional" cookies are generally exempt from the consent requirement. What is concretely exempt are necessary cookies for a service that the user explicitly requested. This is not the case for cookies placed by Instagram embeds.

These are the guidelines on consent exemption by the Article 29 Working Party (the European Data Protection Board's predecessor) that explain it: https://ec.europa.eu/justice/article-29/documentation/opinio...
sqrt2
·قبل 4 سنوات·discuss
The website tried to rely on legitimate interest as the legal basis for processing the data, and that precisely requires a balancing test between the interests of the website host and the interests of the data subject.

If you want to make sure that you're not getting the balancing test wrong, you can always go for the legal basis of last resort: consent. Just ask the user whether you can load content from Instagram and only do it if they agree. In fact, since in parallel to the question of your legal basis under GDPR, you also have to comply with the cookie provision from the e-Privacy Directive, where there is no "legitimate interest" exception to the requirement to ask for consent, you will have to ask for consent anyway (as Instagram embeds place cookies).