You see cookie alerts all over the place these days. Do you need one?

If you do business in Europe, you'll need one.

I also typically say you should build your website around the strictest of rules.

The Easiest Solution: Don't use cookies. Don't track your users.

This might sound a little idealistic to some people, but I strongly suggest you don't track your users.

For analytics, track your website usage without keeping track of individual users -- use a service like Fathom to do this.

https://www.iubenda.com/en/help/5525-cookies-gdpr-requirements

https://www.iubenda.com/en/help/23672-gdpr-cookie-consent-cheatsheet

Europe's General Data Protection Regulation (GDPR) // California's Consumer Privacy Act (CCPA) // Australian Privacy Principles (APP) // LGPD

What does this mean for auth?

https://curity.io/resources/learn/privacy-and-gdpr/

https://www.linkedin.com/pulse/gdpr-microservice-security-compliance-question-michael-poulin/

https://supertokens.com/blog/are-you-using-jwts-for-user-sessions-in-the-correct-way