admin wrote: ↑7 Jun 2021, 10:46pm
The Forum uses cookies for sessions (necessary for the Forum to work)
Unless something changed, PHPBB doesn't have to use cookies for sessions. It can use a PHPSESSID in the URL instead: plus side is you don't have to accept any cookies, but the drawback is you cannot share links to the forum as easily.
admin wrote: ↑7 Jun 2021, 10:46pm
[...] Legally, we are required to have a GDPR cookie opt-in system for the Google Analytics cookies. Like many sites we've avoided doing so, because it's technically difficult and annoying for visitors. [...] we will be adding a pop-up soon to ensure that Cycling UK is complying with the law.
It does not have to be a pop-up or annoying to comply with the law.
The GDPR cookie opt-in law is not good law, it creates annoyance on compliant sites and fails to protect privacy on sites that might be sharing your data without you knowing. But it is the law.
The GDPR cookie opt-in law is not good law because it has not achieved the desired effect of reducing data-sharing and naughty programmers have subverted it by complying in annoying ways with pop-ups, hard-to-find "decline" buttons and dancing bears.
Note: not all devices or browsers will show cookie warning pop-ups. Some will fail to execute some required JavaScript, or might already be blocking the pop-ups due to other privacy-related settings.
Having a consent request which doesn't display on non-JavaScript browsers is not complying with the law, is it? Of course, there are thousands of websites ahead of you in the firing line for that mistake. The ICO should never be short of work as long as this law exists!