hemebond/quaddicted

GDPR cookie compliance

Closed this issue · 5 comments

  • If no consent cookie then no other cookies should be set
  • If consent cookie is missing or declined, then no forms, which require a CSRF cookie, should be presented to the user
  • If no consent cookie then all pages with forms (and hence CSRF tokens) should include a modal asking for consent, and reload the page on selection

No cookies should be set until the user has granted or declined consent to set cookies. Re-opened with new tasks.

Brrrr, so complicated and overkill for sites like this. Maybe there is some Django add-on that does it?

I'm going to remove it completely. The site does not use any non-essential or third-party cookies so a banner or warning is not required.

Are you 100% sure about that? To my knowledge being restricted to first-party cookies does not remove the need for consent (or information at least).

Yip. Quaddicted only uses functional cookies (sessions). GitHub just removed their cookie banner for the same reason.
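
Added example, not part of the issue thread or the project's code: the first two tasks listed at the top of the issue, expressed as framework-neutral WSGI middleware that drops every `Set-Cookie` header except the consent cookie's own until consent is granted. The cookie name `cookie_consent`, its values `granted`/`declined`, the `demo_app` responses, and treating a declined choice like a missing one when deciding whether cookies may be set are all assumptions.

```python
from http.cookies import CookieError, SimpleCookie

CONSENT_COOKIE = "cookie_consent"  # assumed cookie name, not the project's


def consent_state(environ):
    """Return "granted", "declined" or "missing" from the request's Cookie header."""
    jar = SimpleCookie()
    try:
        jar.load(environ.get("HTTP_COOKIE", ""))
    except CookieError:
        return "missing"
    if CONSENT_COOKIE not in jar:
        return "missing"
    return "granted" if jar[CONSENT_COOKIE].value == "granted" else "declined"


class ConsentCookieGate:
    """WSGI middleware: without granted consent, only the consent cookie may be set."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if consent_state(environ) == "granted":
            return self.app(environ, start_response)

        def gated(status, headers, exc_info=None):
            # Drop session/CSRF cookies; keep non-cookie headers and the consent cookie.
            kept = [
                (name, value) for name, value in headers
                if name.lower() != "set-cookie"
                or value.split("=", 1)[0].strip() == CONSENT_COOKIE
            ]
            return start_response(status, kept, exc_info)

        return self.app(environ, gated)


def demo_app(environ, start_response):
    """Constructed app that always tries to set session and CSRF cookies."""
    start_response("200 OK", [
        ("Content-Type", "text/plain"),
        ("Set-Cookie", "sessionid=abc123; HttpOnly; Path=/"),
        ("Set-Cookie", "csrftoken=def456; Path=/"),
    ])
    return [b"ok"]


def cookies_set(cookie_header):
    """Names of cookies that reach the client for a given request Cookie header."""
    sent = []
    gate = ConsentCookieGate(demo_app)
    list(gate({"HTTP_COOKIE": cookie_header}, lambda s, h, e=None: sent.extend(h)))
    return [v.split("=", 1)[0].strip() for k, v in sent if k.lower() == "set-cookie"]
```

Because the gate works on response headers, it also catches cookies set by code further down the stack that never checks the consent state itself.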