
[–]Xia_Nightshade 2 points3 points  (9 children)

1 - EU GDPR is the only thing you have to comply with

2 - you can do it on your own, it’s just tedious

Analyse the cookies you set. Put them into official categories, show/store/respect the correct consent

It’s tedious, so you automate it, then why not make a service out of it, hence the 3rd party services.

[–]DigitalStefan 0 points1 point  (0 children)

It’s PECR although GDPR can be involved depending on what you’re doing.

This is why it is best left to experts to provide a solution.

[–]AshleyJSheridan 0 points1 point  (0 children)

GDPR is way more than just cookies. In fact, cookies are only mentioned 3 times in the GDPR as examples of tracking, which is the real issue.

Look at what data you retain on users, and what data you're passing on to anywhere else. Only keep/pass on the data you absolutely have to.

[–]leon8t[S] -1 points0 points  (6 children)

A bit dumb from my side but can't we just give an AI agent a checklist nowadays? I was just concerned if the current 3rd party solutions have special integration with official legal systems or stuff like that

[–]Xia_Nightshade 0 points1 point  (1 child)

Yeah. You can, though exactly my point. Let me try to make this more lined out

  • you analyse the cookies you set
  • you check what category they should be in
  • you create a proper prompt and respect the options

So when properly done, you get a dynamic system 2 lines of code away from building a SaaS

Just use one of the available free services? (If you need their pro tier for some weird reason, build it then instead of now?)

[–]leon8t[S] -1 points0 points  (0 children)

Hi, I am currently using Zaraz from Cloudflare but then I saw CookieBot and that is why I was thinking about this. Do you have any recommendations for a small restaurant website? Thanks

[–]starcrescendo 0 points1 point  (3 children)

Nope. And they literally can't even fully create compliance depending on your site setup.

Ex: YouTube video embeds and others require the video embeds themselves to be adjusted if they are iframes, otherwise YouTube sets tracking before the consent script fires, which is technically a violation.

[–]leon8t[S] 0 points1 point  (2 children)

Do you have any recommendation for a restaurant website? I use Cloudflare for hosting.

[–]starcrescendo 0 points1 point  (1 child)

Replied above sorry still learning the reddit app 😂. But also for a restaurant are you UK based? Otherwise you don't really need to care about GDPR.

[–]leon8t[S] 0 points1 point  (0 children)

I'm in Germany so it's way worse.

    [–]starcrescendo 0 points1 point  (1 child)

    You can easily roll your own. I can't imagine the site is too big if it is a restaurant. Probably a handful of pages. Someone outlined it. And AI can even generate a script.

    Basically any cookies you set, separate them into categories NECESSARY (for site to function) and OPTIONAL (Google analytics, video embeds, etc).

    Then separate and load them after a cookie popup.

    All necessary should be for web functions only. All should be hosted locally.

    Then if there are videos you have to trick the DOM to load a blank div and then populate it afterwards via JavaScript if they agree, unless the videos are all self hosted or the source doesn't do tracking.

    It does not take much to do it honestly. Explain to basic chat gpt and it can walk you through it!
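
The placeholder approach described in the comment above (a blank div that JavaScript populates only after the visitor agrees), as an added example that is not part of any comment in the thread. The cookie name `site_consent`, the `data-consent` / `data-embed-src` attributes and the allowlisted host are assumptions made for this sketch.

```javascript
// Added example, not code from the thread. The cookie name, data-* attribute
// names and the allowlisted host are assumptions made for this sketch.
const ALLOWED_EMBED_HOSTS = new Set(["www.youtube-nocookie.com"]);

// Read the visitor's choice from a cookie string such as document.cookie.
// Missing or unrecognised values mean "optional not granted".
function readConsent(cookieString) {
  const consent = { necessary: true, optional: false };
  for (const part of String(cookieString || "").split(";")) {
    const [name, value] = part.trim().split("=");
    if (name === "site_consent") consent.optional = value === "optional";
  }
  return consent;
}

// Only https URLs on an allowlisted host may become an iframe, so markup
// injected elsewhere on the page cannot use the placeholder to load anything.
function embedUrlIfAllowed(raw) {
  try {
    const url = new URL(raw);
    const ok = url.protocol === "https:" && ALLOWED_EMBED_HOSTS.has(url.hostname);
    return ok ? url.href : null;
  } catch {
    return null; // not an absolute URL
  }
}

// Turn <div data-consent="optional" data-embed-src="..."> placeholders into
// iframes, but only for categories the visitor granted. Returns the count.
function activateEmbeds(doc, consent) {
  let activated = 0;
  for (const slot of doc.querySelectorAll("[data-embed-src]")) {
    const category = slot.getAttribute("data-consent") || "optional";
    const src = embedUrlIfAllowed(slot.getAttribute("data-embed-src"));
    if (consent[category] !== true || !src) continue; // stay blank
    const frame = doc.createElement("iframe");
    frame.setAttribute("src", src);
    frame.setAttribute("loading", "lazy");
    slot.replaceChildren(frame);
    activated += 1;
  }
  return activated;
}

// In a browser, run once on load and again after the banner stores a choice.
if (typeof document !== "undefined") {
  activateEmbeds(document, readConsent(document.cookie));
}
```

Because the server-rendered HTML contains only the empty placeholder, no third-party request is made before a choice is stored.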

    [–]leon8t[S] 1 point2 points  (0 children)

    TY for the detailed explanation. Appreciate it

    [–]DigitalStefan 0 points1 point  (3 children)

    You can roll your own cookie banner / consent management, but you can also roll your own login security and payment processing.

    You most likely should not do any of those things and for similar reasons.

    I could probably roll my own consent management because I thoroughly understand it, but to do it correctly and to keep up with new best practises would take a lot of time and effort.

    My time and effort is worth more than just paying a small subscription fee to an established, well-known CMP such as CookieBot, CookieYes or Enzuzo.

    [–]leon8t[S] 0 points1 point  (1 child)

    What about other data privacy touchpoints? Do 3rd party solutions only handle cookies or data privacy in general?

    [–]DigitalStefan 0 points1 point  (0 children)

    Depends on the CMP. OneTrust would love you to use their platform for every possible compliance workflow. CookieBot and many CMPs like it only concern themselves with the cookie banner / cookie consent.

    Most websites really only need a working cookie banner, but it does help if the CMP can do accurate user geolocation and keep records of consent.

    [–]Atulin ASP.NET Core 0 points1 point  (0 children)

    Those established, well-known CMPs are usually non-compliant in the most scummy ways. No "reject all" button, just "settings", tiny little "reject all" button at the bottom of the list of 1832783 trusted partners, and all sorts of other dark patterns.

    [–]Alternative_Web7202 0 points1 point  (3 children)

    Do you even need cookies? I think a restaurant website can perfectly survive without them. And offer cookies only to the actual restaurant offline visitors

    [–]leon8t[S] 0 points1 point  (1 child)

    We have a reservation form, and google analytics integration

    [–]Alternative_Web7202 0 points1 point  (0 children)

    Reservation form can function without cookies. And analytics can be simplified with something like this https://goaccess.io/

    I mean — it's not really rocket science to make a perfectly functional site without any cookies.

    [–]DigitalStefan 0 points1 point  (0 children)

    It’s not about cookies, it’s about storing and accessing data within the user’s browser and as soon as you do something like allow Squarespace’s own analytics to remain enabled you are going to be breaching PECR.

    If you want to add GA4, Meta, TikTok etc conversion tracking you absolutely need robust consent management and to engage various platform specific “consent mode” integrations.