This is the problem with the catch-all EU regulation. They needlessly create regulations that are so vague and broad that even completely bening activities are prohibited and you need your own law department to understand what exactly is required. Can't wait for the yet another button-clicking exercise when you will have to accept all the ToS of reCAPTCHA. Similar situation happening in the AI regulations. They are not sure what AI is or what it can do wrong, so they just slap a bunch of red tape on top of it and call it a day.
Stop tracking people and you need no consent and banner.
BTW the sides could simply respect the Do-Not-Track flag but somehow they prefer to annoy their users, just like it's on purpose to blame privacy laws.
I see no mention of reCAPTCHA tracking users. They are "sending data about device and application data", which seems like a completely natural thing considering what reCAPTCHA is used for.
Since the reCAPTCHA code is loaded from the google.com domain, among others, the tool automatically gains access to cookies that are set for logged-in Google users. One of the cookies is called NID and contains a unique user ID that is also used for Google Signals to recognize users even across devices. In this respect, it is almost irrelevant from a data protection perspective whether reCAPTCHA (situationally) sets further cookies or not.
In addition, reCAPTCHA also accesses the domain gstatic.com. As can be read on Google websites, this domain is also used by other tools. Thus, cookies can potentially be exchanged via this domain.
I'm pretty sure that's not the case. The EU law is pretty vague, specifying only that data is stored on your terminal. Local storage also counts. You might not be doing anything with it, but you still need the consent.
But google is thirsty for data too, and has to be stoped too.
I still believe that the first step to stop tracking should be done on client side (block 3rd party cookies by default, delete cookies on tab/window close, except those manually whitelisted, to stay looged in), but google still collects way too much data on all of us.
"fully benign" yes I'm sure Google is providing the service for free and not relying on the data it collects...
Though you're right that captcha/fonts etc should have been benign uses, if it could be anonymized/proxied then maybe that would have been a good solution.
Ugh, yeah, why should private commuters have to adhere to traffic laws if we can just apply them to commercial drivers exclusively.
But more seriously, that's not how it works. The regulations are already very permissive for smaller businesses. The heavy fines exist for the worst offenders. If you can demonstrate you made a conscious effort and just fell short and have already started trying to make amends when notified, that's often good enough. Of course if you just throw your hands up and decide privacy is just too hard, you'll be treated like any other loose gun.
