Regarding cookies and such, all it does is warn people (and give them the opportunity to decline) instead of storing them behind their back.
But to be truly 100% compliant, you also have to tell them:
- what exactly is stored
- where it is stored
- how long it will be stored
- a person to be called for more information and/or for asking to have personal data removed
DTB is a non-profit, non-commercial website, and a lawyer suggested that we write this page (don't worry, it's a PHP script that only loads a text file).
So, I assume a true GDPR agreement should look this way, with points and a name/email/contact for someone who cares. In our case ... it's me (and I am not the web admin).
Someone commented "too much semi-legalese", which means "not clear, and it sounds too much like lawyer's stuff", well ...
Are people annoyed we ask them for permission?
precisely what we found in our comments on MessageWall
and I do find it a bit "funny"
Regarding locating users, it's never 100% foolproof depending on their network, so relying on that to decide whether they are or are not EU citizens is way slippery and a potential way to infringe on the GDPR. Many or most businesses will not even bother.
A lot of websites, including Amazon and eBay, use the "whois" service to geo-locate users because this makes sense for choosing the correct language.
e.g.
if the incoming IP is located in Italy, then the website chooses language=Italian
if the incoming IP is located in the UK, then the website chooses language=English
etc ...
(if the incoming IP is located ... try to access those websites from a proxy located somewhere else, and see how the website reacts regarding the default language)
Amazon has an internal statistical engine that also tries to understand the psychology of users, e.g. which color is the best option for users of a specific area, comparing the color of the button with the number of clicks on it and purchases ...
I have never read it, nor clicked on "I do understand and I agree with this"; I know it because there is a friend who works for Amazon and she told me.
In theory, a website should ask for permission, even for checking the correct language
(P.S. about permissions ... in theory, Giano (it's our defensive system) is violating the GDPR when someone doesn't agree with the site agreement, because the firewall always logs and checks the IP's localization, banning the visitor if the IP comes from a VPN, proxy, or public area ... which is exactly where spam bots usually come from)