There’s no need to reiterate much about GDPR law and everything that came with it. In one moment nobody didn’t care about it like it’s just another obscure and annoying EU law. Then few weeks before actual enforcement date, the most companies started to implement some kind of implementation.
The major issue was consent requirement for advertising profiling cookies. Even the biggest advertising agencies like Google’s AdSense waited last minute to roll out some useful code and tips regarding profiling and cookies. Not to speak that almost all other advertising companies are even worse. It seems that everyone is waiting to see some reactions from EU enforcement bodies and in the meantime pushing their tech in the same fashion.
So what are your choices regarding GDPR law?
There are few:
- You can ignore it
- You can partially comply with it
- You can fully comply with it
There are quite a lot of webmasters who say: “I don’t have EU visitor so I don’t care”. This is a bold statement, hardly true for an open public website, but if there won’t be any enforcement those people might become the smartest.
The gray zone of partially complied websites is the largest, and compliance varies from those who only put cookie notification without any possibility to deny consent, to those who are categorizing cookies on “mandatory” ones and “non-mandatory”. The options are even pre-checked. Even big G is doing that all over the place.
GDPR law is clear, no mandatory cookies and no pre-checked options. So obviously it’s far from full compliance.
The third option is … well … non-existent in the wild. Even if you are running a website on your own code and made sure no cookies were set you might have ad or analytics partners whose code you can’t control. Maybe you can if you remove their code but that’s not the point.
You can get the code on GitHub.