Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

An organisation as large as the NHS/UK GOV is not going to have their own in-house analytics solutions. And I believe even that would require a cookie policy to be displayed under the (current) legislation.


Or alternatively they could just not do any tracking or analytics based purely on the server logs.

There is always a choice. It is not the law that makes them display this, it is their choices that made them need to comply to the law.


I imagine they’re using analytics to improve the website, not to sell you more medicine. Imagine running a hospital without knowing where you had queues, people getting lost, broken doorways, etc. Analytics is just that.

I guess you’re worried about it being used more nefariously, especially by the third-party trackers themselves. If so, I’m also a little concerned about that, but I think the good probably outweighs the bad.


I mean they literally have Google and Microsoft analytics cookies in there.

I am aware that they are doing this to improve their website, but I don't get why so many are saying that it is because of the EU law or that it is a bad law.

Yes they have to show this dialog because of the law, but they decided that it is worth it for their analytics. That was their decision. They could also have said that they would be fine with less analytics and less tracking and gotten rid of the dialog. It can also not see why it is a bad law since it is exactly doing what it is supposed to do: Prevent or inform about tracking by the Tech giants. M$ and Google don't really have a huge amount of trust from the general public that their tracking is the good kind.


You can't do any form of user testing or heatmaps with server logs. And whilst real user testing is undertaken, sometimes the passive collection of heatmap data etc. is best done in an unbiased environment (i.e. you don't know you are being tested).


There are plenty of open-source analytics tools that you can self-host, like Open Web Analytics. You can gather all the information you need for usability testing without handing it over to a third party and compromising the privacy of your users.


Of course they can, but there is always a cost of hosting your own infra. There is a strong argument for the gov to be doing this in house, but I suspect it's not 100% the case and individual departments have the freedom to put their own tracking codes on their own site.


What if they ask for permission in a less intrusive way? Like I dunno, send people an e-mail after using the site once with clear information?


They could make the prompt less intrusive (on average) by only asking a random sample and just not tracking the rest.


Well, you will need GDPR checkboxes/disclaimers and a form to capture email. How is this more user friendly?


Self-hosting is a greater burden for larger organizations?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: