End user privacy out of the box
Regarding the EU privacy regulation, one should NEVER automated collect any data that is not necessary for providing your product.
I incorporate this as basement in all of my web projects.
What about third party services?
Just avoid as much as you can, look for local developers who can if you can’t.
- Want a webfont? Host it local on the server, dont use google font service.
Did i mention cookies?
No. You NOT ask for cookie permissions. You ask for (third party) service connection permissions. If the connection is permitted, the cookie permission is included.
I see websites listing tons of cookies their website never uses or only on the admins when they log in. In addition to it every little web based third party is listed i know and others i never heard of. Often for features that are easily to develop with little time effort.
Did i mention to ask for a local developer (like me)? If you dont know how much time it would be, you may get an offer with a little more information on the time (5h vs 150h). Asking more then one developer costs you little more time but can take you a large step further.
List the cookies each directly to the service it belongs. Since every service gets a single permission, the related cookies are always listed beside.
What is the benefit for the website owner?
Its legal! Simple story bro. I believe that all other pages that are behaving different are always with one foot in the near of privacy flaws. You have the chance to improve your customers trust and expierience on the website. It brings an „AHA“ effect when users check that „NOW“ happens this and „THEN“ happens that.
Otherwise: A hacked third party would be more then enough and thats no fantasy plot and you would have to inform the privacy office and maybe your customers.