8
GDPR
(lemmy.world)
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
As far as I am aware, a user authentication cookie is classed as personal data and therefore subject to GDPR!
Wouldn't the auth cookie fall into the strictly necessary category?
I'm no expert so hopefully someone will be able to chip in. I know when I have dealt with GDPR stuff, there has been quite a lot of conflicting opinions!
Even if it is not required to get consent for that, I think there is also a requirement around explaining to the user what they do and why they are necessary.
I'm also no expert, just trying to learn more about the topic as it's kind of interesting to see how other people are interpreting it.
Just as an example, this is Reddit's cookie notification compliance - so something similar to this should be presented so that I know what the cookies are used for in plain language and can accept or reject any non-essential cookies. I should also be able to give or withdraw my consent at a later time.