this post was submitted on 18 Sep 2023
52 points (96.4% liked)

So almost every GDPR cookie consent banner out there has a section for "legitimate interest" cookies that they can leave on by default and you will inadvertently accept even if you choose "Reject all" unless you go to the detailed settings and disable those too.
Some of them have dozens of legitimate-interest cookies.
I read some articles about what they are and why it is allowed to keep them on by default, but they were very vague. So can someone explain it to me like I am five?

[–] [email protected] 9 points 1 year ago (6 children)

When you log in to a website they need to give you a secret password so that when you go to the next page you can tell them that secret again and they will let you access information you have permission for (your Facebook wall for example). That secret is stored in a cookie and every time you go to another page the cookie is sent to Facebook so they know who you are again.

In this instance a cookie is the wrist band you get at a concert so they can easily check that you purchased a ticket. You don't want to have to show your ticket every time you leave and come back into the concert because that's slow, you just flash the wrist band and they let you in.

[–] [email protected] 1 points 1 year ago (5 children)

I know what a cookie is.
I was asking what are legitimate-interest cookies and what makes them different so they don't need explicit consent under GDPR.

[–] [email protected] 4 points 1 year ago (1 children)

They're different because you can't use the service without them. For example like with an auth cookie.

[–] [email protected] 7 points 1 year ago* (last edited 1 year ago)

That's a functional (or "strictly necessary") cookie and those are the ones you cannot reject.
Legitimate-interest cookies are a different thing and you can indeed reject them, but they are on by default.
