It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

GDPR Compliance which come into effect on the 28th of May 2018?

page: 3
4
<< 1  2   >>

log in

join
share:

posted on Feb, 22 2018 @ 02:46 PM
link   

originally posted by: EvillerBob
It's not "personal data" in the way that most people think, it's "data about an identified or identifiable person, either directly or indirectly".

When I said "personal data" I was thinking about data that shows something related to the person, that's why they talk about "unique identifiers".
If the cookie doesn't have any data that can be directly connected with the person then it's not affected by the GDPR.




posted on Feb, 22 2018 @ 03:35 PM
link   

i.e., arguably, websites may not be able to restrict access to only those who consent to the use of cookies, etc


Some cookies are used for the original purpose which is to create somewhat of a state for a stateless protocol such as HTTP.

For some websites, parts of the site cannot function properly without cookies. Hopefully such a thing would be considered.

Of course, many cookies are used just to track for marketing. Those are a different situation.



posted on Feb, 22 2018 @ 05:22 PM
link   

originally posted by: ArMaP

originally posted by: EvillerBob
It's not "personal data" in the way that most people think, it's "data about an identified or identifiable person, either directly or indirectly".

When I said "personal data" I was thinking about data that shows something related to the person, that's why they talk about "unique identifiers".
If the cookie doesn't have any data that can be directly connected with the person then it's not affected by the GDPR.


If the data is capable of being used to identify the person - directly or indirectly, so if it can be used in conjunction with other information that is gathered - it is covered. Different rules might come into play depending on whether direct or indirect, but still under GDRP.

Your username, for instance is a good example. "ArMaP" doesn't identify you, but ATS record a link between that unique username and your unique email address, which would be considered capable of identifying you. Cookies are a bit more complex, but can fall within the same bracket.

The magic word is "pseudonymisation". There has been quite a bit written about anonymisation versus pseudonymisation under the GDPR if you have too much spare time on your hands and want to get very bored very quickly...



posted on Feb, 22 2018 @ 05:30 PM
link   

originally posted by: roadgravel

For some websites, parts of the site cannot function properly without cookies. Hopefully such a thing would be considered.


This is one of the concerns. A site can be made to function without cookies, so there comes the question of whether cookies are a matter of convenience or necessity. Is avoiding the need to replace/rewrite the website software a sufficient reason for the purposes of GDPR?

Things might all work out fine, or it might become a big complicated mess. Not knowing is what makes life fun!



posted on Feb, 22 2018 @ 07:01 PM
link   
a reply to: EvillerBob




A site can be made to function without cookies, so there comes the question of whether cookies are a matter of convenience or necessity.


How would it maintain the state between pages? Have the user enter his name and password on each page?

edit:

i suppose it could be done with only page data although it might be easier to defeat security and less efficient.
edit on 2/22/2018 by roadgravel because: (no reason given)



posted on Feb, 23 2018 @ 02:25 PM
link   

originally posted by: roadgravel
a reply to: EvillerBob




A site can be made to function without cookies, so there comes the question of whether cookies are a matter of convenience or necessity.


How would it maintain the state between pages? Have the user enter his name and password on each page?

edit:

i suppose it could be done with only page data although it might be easier to defeat security and less efficient.


That's the thing - making out the case for it to be used. I'm not saying it can't be done, I'm saying that we're being forced to start asking these questions and need to work out the answers.




top topics
 
4
<< 1  2   >>

log in

join