this post was submitted on 25 Sep 2023
75 points (98.7% liked)

Asklemmy

43856 readers
1784 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
 

Many websites have a - huge- part in their cookie wall, called 'legitimate interest'. I never allow them and i wonder; is this just a loophole to be able to force certain cookies on us anyway?

I can't imagine it is harmless, but i never hear anyone discussing these type of cookies.

EDIT: Everyone, thank you so much for taking the effort to answer. These replies were very helpful and often quite detailed. I've read them all and it certainly gives food for thought. I also read that EU page, which is indeed not really clarifying much.

I agree that we need to do as much as possible to block all these invaders of our privacy, though it is ridiculous that we have to make so much effort to protect ourselves. And i know many people around me, who just let it all happen and are sometimes not even aware of such things as trackers. And honestly, they shouldn't have to be aware, it is infuriating that these things are either allowed, or those companies taking the - small - risk to get away with it, because most people won't bother with law suits and what not, certainly not when so many websites have these shady practices...

Again, thank you; i'm glad i asked :-)

you are viewing a single comment's thread
view the rest of the comments
[โ€“] jmcs@discuss.tchncs.de 20 points 1 year ago* (last edited 1 year ago) (2 children)

The legal definition in the GDPR is:

processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

The European Commission has a page expanding on it.

As you can see it's very vague, and it will probably take several court cases to define the boundaries.

Edit: there's currently a request to ECJ from a Dutch court to define the main boundaries (Case C-621/22) and there was already another (c13/16) setting some limits.

[โ€“] 1c5473@lemmy.ml 6 points 1 year ago (1 children)

True but the GDPR is not the primary legislative instrument here since it deals with general rules for processing personal data. The ePrivacy directive (or PECR in UK) is more important when it comes to cookies since it deals with electronic communication.

The ePrivacy directive states that cookies and similar tracking technologies can only be dropped on a user device after obtaining consent, i.e. no other โ€˜GDPRโ€™ legal bases such as legitimate interest are available. There is an exception for cookies that are essential or strictly necessary for the website to work. In such cases no consent needs to be obtained. This exception is narrowly interpreted by most EU supervisory authorities.

This may be subject to change though since the ePrivacy directive is in the process of being replaced by the ePrivacy regulation which is said to outline new rules for cookies.

[โ€“] MudMan@kbin.social 2 points 1 year ago

The practical way this seems to be implemented is that sites report the bulk of cookies and default to off to comply with GDPR, then list a subset of cookies as legitimate interest-based and default those to on with an ambiguous "object" setting.

Guessing the idea behind it is legal advice that legitimate interest swaps from one ruleset to another, but like the previous poster said I'm not sure how well any of this is tested.