Hey GitHub did a good thing: https://github.blog/2020-12-17-no-cookie-for-you/
@sir Still a move in the right direction
@brandon I dunno, it seems like a pretty headline to get good press for complying with a stupid law and not actually changing their behavior in meaningful ways
@clacke @sir @brandon the law doesn't say you have to use a banner. It's a stupid misinterpretation of the law.
There is literally no nothing that talks about cookies. What they talk about is use of personally identifiable information (tracking cookies is one of those things).
The banner itself also is a not enough to get you out of abusing personally identifiable information. The site also should not track you by default (the banner should make it as easy to opt out as it is to opt in).
Based on their post, it seems as though Github is in compliance. Their previous banner was either unnecessary or not enough, depending on what their previous behaviour was.
Now all the of t his assumes the law is actually being enforced, which we haven't seen much of yet. There are some cases slowly making their way through the system, but I don't think expect to see anything in a while. The fact that nothing has happened yet is why people think that the cookie banner is enough to keep the theory illegal activities legit.
It is “planned” to ban the bad patterns which I partly described in https://conf.tube/videos/watch/4102f53a-3f91-46c1-bb9b-fb954990f023
Asked many question in details to EU Commission regarding #DigitalMarketsAct …
@wolf480pl @clacke @sir @brandon that's true, but GDPR is overriding that one, no? In any case as far as I recall even the old one didn't require banners in the way websites implement them
Yes, this is primarily about not using third-party cookies, not letting ads and analytics (specifically from GitHub) track you across websites
Cookies are just a technicality, what GDPR regulates is personally identifiable information - be it a cookie, be it a device fingerprint. At the same time GDPR doesn't require explicit consent for essential data like you don't have to consent to your IP being stored in Nginx logs for a brief period of time or Django setting session cookie.
@brandon Very interesting. Especially for a website of their size.
@brandon they still use analytics, just without cookies.