this post was submitted on 14 Oct 2023
712 points (98.6% liked)

Memes

45558 readers
725 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
712
Did I press this button the first time? (kerala.party)
submitted 1 year ago by [email protected] to c/[email protected]
42 comments fedilink hide all child comments
 

Self doubt stems from here.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 41 points 1 year ago (2 children)

Dude, I had this exact conversation with our compliance team. They told me I couldn't write literally anything client-side unless the user agreed. They also insisted that I always show the cookie banner if there wasn't a cookie. Dumbest shit ever. Used the litany of user bug reports on day 1 to tell compliance to go fuck themselves.

[–] [email protected] 41 points 1 year ago (2 children)

The GDPR literally does not apply for non-personal data. I don't get why companies are so ridiculous with their cookie banners. Nevermind that they have no qualms violating the GDPR in plenty other places.

[–] [email protected] 19 points 1 year ago (1 children)

Especially the ones that are so fucking obnoxious that you have to go through it to even view the site. I don't bother most of the time. The banner should be unobtrusive AND there should be a button that rejects all. I shouldn't have to go and click edit preferences, uncheck a bunch of check boxes, the click confirm. There are some sites that are doing it correctly, but they are few and far between.

[–] [email protected] 2 points 1 year ago

The worst is when the banner is unobtrusive, almost unnoticeable, but nothing on the site is clickable until you interact with it

[–] [email protected] 5 points 1 year ago (1 children)

Don’t be so quick to dismiss the feedback from compliance teams. It’s possible TOU are written such that you really can’t store data on the client without agreement. It’s also possible that other regulations besides GDPR apply that you may not be aware of, for example those specific to banking or health.

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago)

We're a global company making enterprise software. We have all the certifications including really nasty ones like FedRAMP and HIPAA combined. GDPR is a walk in the park comparatively. I'm well aware of the details and deal with compliance on a nearly daily basis. The only justification was "just to be safe", which is why they quickly acquiesced to storing the string "false" after pushback.