alt Hacker NewsCase and point, the EU Data Protection Board has a cookie consent banner and only uses a first-party cookie for analytics.
https://www.edpb.europa.eu/concernant-le-cepd/mentions-legal...
Case and point, the EU Data Protection Board has a cookie consent banner and only uses a first-party cookie for analytics.
https://www.edpb.europa.eu/concernant-le-cepd/mentions-legal...
that might be overdoing it. I don't know where is the current case law, but IMHO storing a random number and identifying the retuning user is not PII (to count how many times that user returned).
now of course if it gets joined with other data it can become PII.
IP address is usually treated as PII, because it can have very high "selectivity" (and with a subpoena can be turned into PII, whereas a site specific cryptorandom cookie id cannot)