> Right, and now you get sued by a group claiming that you don't need carts for non-logged in customers.
That's not it works. Someone complains to the Information Comissioners Office (ICO). ICO determine if the complaint is valid and will get in touch with the site owner to help them come into compliance.
> Or you can just throw up a cookie disclaimer to cover your ass.
There is no such thing.
You have to make unecessary data collection and tracking opt in. You can't have a notice that says "we might do x unecessary data collection and/or tracking" and make the user click it or go away. You need to be compliant, or you need to not serve the European market.
In some countries your competitors or some other third parties can just directly send you a cease-and-desist letter if they believe you're violating some law.
Even if that letter turns out to be unfounded because it turns out that implementing a shopping cart using cookies without an explicit consent is a legitimate use case, they're quite a bit more of a hassle to handle than your supposed friendly ICO just "get[ting] in touch with the site owner to help them come into compliance".
So one more reason to err on the side of over-caution and just put up a popup for any kind of cookie...
That's not it works. Someone complains to the Information Comissioners Office (ICO). ICO determine if the complaint is valid and will get in touch with the site owner to help them come into compliance.
> Or you can just throw up a cookie disclaimer to cover your ass.
There is no such thing.
You have to make unecessary data collection and tracking opt in. You can't have a notice that says "we might do x unecessary data collection and/or tracking" and make the user click it or go away. You need to be compliant, or you need to not serve the European market.