
The most likely first step in the UK is that ICO will get in touch and tell you you've done something wrong and need to fix it. Courts and enforcement penalties come later if you persist, or your infraction was significant.

I run websites, and I don't feel in any way worried about it personally.



Right, and the easiest way to fix it is to throw up a cookie disclaimer and forget about it. So disclaimers become ubiquitous.

Are you familiar with Proposition 65 in California? Any product or business location that has any detectable amount of carcinogens needs to disclaim that it potentially contains carcinogens. Among other things, gas stoves and roasted coffee both contain trace amounts of carcinogens. So most restaurants and coffee shops display Proposition 65 warnings. Said warnings have become so ubiquitous that nobody cares about them. The same scenario is playing out with cookie disclaimers.

> Except there's no such thing as a cookie disclaimer as I said in another comment. Extra tracking/data processing has to be opt in, and you have to provide the service to the user even if they don't opt in, so you can't just throw up a notice that says you might not be compliant because you still need to be compliant.

Yeah, they do exist. And you can find them on plenty of sites that block content unless the disclaimer is accepted. You may be of the mind that this is not compliant with the legislation, but reality demonstrates otherwise.

> Prop 65 is different. The cookie law is like saying "if you sprinkle extra carcinogens in your product then you need to disclose it".

This is making the same error as the washing hands analogy. This ignores the fact that cookies are necessary to power user-facing features.


> Right, and the easiest way to fix it is to throw up a cookie disclaimer and forget about it. So disclaimers become ubiquitous.

Except there's no such thing as a cookie disclaimer as I said in another comment. Extra tracking/data processing has to be opt in, and you have to provide the service to the user even if they don't opt in, so you can't just throw up a notice that says you might not be compliant because you still need to be compliant.

> Are you familiar with Proposition 65 in California?

Yep, it's irrelevant.


Prop 65 is different. The cookie law is like saying "if you sprinkle extra carcinogens in your product then you need to disclose it".


> This is making the same error as the washing hands analogy. This ignores the fact that cookies are necessary to power user-facing features.

I don't know if you're doing this deliberately or not at this point because I've said it so many times.

You. Are. Allowed. To. Use. Cookies. Under. GDPR.

There are times you need to ask for consent, but for login cookies, shopping carts etc. that follow some relatively simple guidelines, you don't need to ask for permission.

Do you really find that so hard to understand?


> You. Are. Allowed. To. Use. Cookies. Under. GDPR.

Until a government bureaucrat decides that your usage is not necessary and they threaten you with a fine.

You are not the one enforcing these laws. What you think is a reasonable interpretation of these "relatively simple guidelines" is no guarantee that a government commission is going to reach the same conclusion. Do you really find that so hard to understand?


If the ICO decides you're in breach of the rules, and has reached out to you to help you comply and you aren't receptive, you're just going to end up in court and you can argue your case there, and if you can't trust your courts then you've got other problems.



