So almost every GDPR cookie consent banner out there has a section for “legitimate interest” cookies that they can leave on by default and you will inadvertently accept even if you choose “Reject all” unless you go to the detailed settings and disabled those too.
Some of them have dozens of legitimate-interest cookies.
I read some articles about what they are and why it is allowed to keep them on by default, but they were very vague. So can someone explain it to me like I am five?

  • chuso@kbin.socialOP
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    OK, so all the explanations I saw were vague because the law itself was vague. That looks quite like a loophole to have passed!

    • nogooduser@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      The rule itself is not a loophole.

      To use legitimate interest as a reason to process data you need you be able to argue that you do actually have a good reason to do so and that the user would expect you to process it.

      For example, I think that websites have a legitimate interest in anonymously tracking your browser behaviour to analyse performance data and errors so that they can improve their app.

      The loophole is that advertisers use it to process way too much data (when they are pretty much the reason for the bloody law in the first place) and that nothing is done about it.

    • amio@kbin.social
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      I know right? Now, I’m not a lawyer, but it seems interesting because of what it isn’t. 1a through e are consent, needed for business, legal obligation, (your) vital interests or another being, or public interest/authority.

      So after all that, you have to figure… what legitimacy’s left?

    • CanadaPlus@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      GDPR is pretty airtight in general, so I’m guessing we’re missing something.

      Edit: Hmm, it looks like the definition is left up to the courts of individual countries. That’s not great.

    • athos77@kbin.social
      link
      fedilink
      arrow-up
      3
      arrow-down
      4
      ·
      1 year ago

      Just a reminder that there’s never such a thing as “a loophole”. What there is is a carefully-worded, innocuous-sounding phrase that some corporation “helpfully” got added to a law or regulation (usually “for clarity”), and which the corporation already plans to mis-use in a given way should the appropriate circumstances arise (and in contradiction of all “we should never do that!” protestations they might make prior to the law or regulation taking effect).

      Again, there is no such thing as “a loophole”.