Hi,
I’m currently setting up a new Akkoma node and both docs as well as my google-fu failed me. I wondered how anyone’s handling the GDPR stuff, especially cookie consent banners?
Here’s my understanding of it, not a lawyer;
Cookie consent banner aren’t required by gdpr, it’s just an implementation that websites started to do. gdpr is about processing of personal data. There are several cases under which this is allowed. When you want to handle personal data outside of these cases, you need explicit consent. Afaik, Akkoma doesn’t handle personal data outside of these cases, so doesn’t require extra consent. If websites have such cookie banners, it means they are handling personal data they shouldn’t need to, and they decided to use such cookie banners as a consent form.
If there are things Akkoma should do that we don’t know of, then input (preferably from someone with proper knowledge/understanding of this, or at least founded on some proper sources) is welcome I think. That way it can be fixed in the software for everyone.
The TL;DR to your question is that I personally don’t do anything extra bc I don’t assume it’s needed (but I could be wrong).
3 Likes
Thanks for your input! You’re right with the technical necessary cookies, where no consent and therefore no cookie banner is obligated. I just blindly assumed so.
Leaving this for anyone else looking for information on this topic in the future:
The cookies set by Akkoma (__Host-pleroma_key and userLanguage) are
- first party cookies
- technically required to use the website
- thrown away at the end of the session
This classifies them as cookies necessary for using the website and therefore no user consent is required.
Source: Cookies, the GDPR, and the ePrivacy Directive - GDPR.eu (scroll to “Cookie compliance”)
Hence: I’m not a lawyer either, just wading through all the different regulations (GDPR, ePrivacy).
3 Likes