ADD Creative wrote: ↑Mon May 28, 2018 5:03 am
I interpret all that to mean that if a cookie is not-essential to providing a service and contains personal data or contains an ID that can be linked to personal data (I'm think of third party tracking cookies, etc.). You must ask for consent before allowing that cookie to be set and make a record of that consent.
Basically we have currently 29 different scenarios ..
The EU (with 28, next year 27) and the rest of the world (1, then 2).
Which leads finally to 25 possible solutions.
These figures may confuse, but the reality is, that we (the EC) have one (1) rule für all (the GDPR), the rest of the world another.
But now comes into play the ePrivacy regulation which will be defined new next year (or not later than 2020).
In the meantime this new ePrivacy regulation will give all EC-Contries clear advices, many of the current 28 countries have their own national regulations.
Some stronger (like Germany and Great Britain), many less.
And this is exactly the point: as long as the new ePrivacy regulation does not come in effect, I would recommend to find the smallest, common ground.
To fullfill the strongest regulation, but also make weak regulations happy.
And to offer all customers (site visitors) a unique and the same feeling how the site handles cookies.
Means also for the website owner / operator that he should
1. ask for consent > not only to display a useless button 'I agree'
2. store the consent
3. ask for consent for all cookies not beeing from group one (1): system relevant
4. act on that decision and use only those cookies the visitor has agreed to recieve
Technically there is not one reason why a website has to place any cookie on the first visit!
E.g. OpenCart stores (wether visitor wants that or not) 4 cookies immediately!
But what for?
These cookies can be also stored after the consent.
And even a question to get consent about these cookeis is not given, the Store itself (except some rare basket functions) would work (sometimes a bit heavy, but it will).
Finally it is the visitors choice not to accept any cookie - or only a few.
Not that of the website (or the person / developer behind it).
So why we are infantilize our customers that way?
To answer your question with one line:
Yes, each and every cookie which has to do with personalized data or may lead to a physical person, may only be set after given consent (which has to be stored).
The earlier we accept this (as) fact, the earlier we can fullfill the new ePrivacy which will handle exactly that way.