@Em0nM4stodon
That EU law does not require a #CookieBanner unless the web site wants to track your clicks or sell your data.

Because people do not understand this, they think "stupid EU law" instead of...

- "website owner has no respect for consumer rights"
- "website owner has no solid business plan and just hopes for a few bucks from the advertisement industry"

#GDPR

@tynstar @Em0nM4stodon you can track clicks without necessarily needing a cookie banner. Plausible or a properly configured Matomo will do just that.

On the other hand, if you need to embed contents from sites such as YouTube, Twitter or Facebook, whose embeds have trackers, you need to ask for consent before loading those embeds, and a cookie banner is a common way to do that.

@Ash_Crow @tynstar @Em0nM4stodon de jure plausible actually needs consent when done on the frontend. Not because of GDPR but because of telcom laws in most if not all EU countries. Theres need for consent to send anything from a customer device unless it’s required for requested functionality. Analytics is not one of them and in this case there’s no “legitimate interest” like in GDPR.

In general backend tracking is a future for all law abiding companies.

@hey @Ash_Crow @Em0nM4stodon
Hmm, what does "backend tracking" mean? If it's about individuals' actions ("user journey" based on user IDs or pseudonyms), I'm pretty sure it counts as data processing as defined by GDPR, for which you would need explicit consent.

(Disclaimer: I'm not an expert.)

@tynstar @Ash_Crow @Em0nM4stodon I’m an expect (from tech PoV) and I work on this topic heavily with a legal team that are actual experts.

I’ll give you an example KPI: how many users use „add to fav” that is below the „add to cart” button, per region, per language used.

Frontend tracking: custom event, sent via JS with some GA dimensions.

Needs consent not because GDPR (as long it’s anonymous), but becase telco laws.

1/2

@tynstar @Ash_Crow @Em0nM4stodon Backend: controller gets „add to fav” sends an event with explicitly anonymised data further. No consent needed, it’s a side effect of already given data.

Event: action: fav_add, item_id, language, region

Then to be fully compliant we need to ensure we aggregate all regions in a GDPR compliant way, e.g. if a region has just 2 users, we need to remove it or bundle into „others” so it’s impossible to deanonymise the user.

2/2

@tynstar @Ash_Crow @Em0nM4stodon in big corp I work for we did this as an experiment to a website I own and it was a big success. We got rid of any client side analytics, got rid of consent prompt. Users are free of this shit and yet we still get all the KPIs the product management needs. Some of them we had to design better tho to make it possible without a consent.

Now we spread it all over the place and perhaps some day most of our websites will be consent free.