Cfuid cookie and GDPR

Just noticed that a site using Cloudflare generates a ‘_cfuid’ cookie.

If it was a session cookie I don’t think that would be an issue, but the presence of a persistent cookie (especially one not set by us) means having a GDPR compliance notice on the site. These notices are a darn nuisance to visitors and I’d rather avoid having one.

To Americans this might seem a crazy issue, and yes I agree it is. Thing is, the EU is crazy, and we who live in crazyland have to comply with their nonsensical rules.

Cloudflare, if you can, change this to be a session cookie. Or allow us to do away with it.

As far as I know the cfuid_ cookie is a technical one, exempted from any Cookie Law notices and doesn’t contain any personally identifiable information so GDPR issues as well.

I don’t really agree about the EU being nonsensical; all the rules are actually applied in defense of the consumer, who can and must know exactly how his data is being handled. If the company does what it’s supposed to do with the data, there are no issues at all in disclosing this info.


Thanks. If it’s not personal then I guess it’s OK.

I don’t agree that the EU rules are acceptable. They usually fail miserably at protecting the consumer, and instead benefit corporate interests.

The cookie notices are a case in point, because if you don’t allow persistent cookie storage on your computer, you get pestered by the same popup notice every time you visit that site. The consequence is that you are forced to allow tracking cookies. It could almost have been crafted to suit the spies.

In fact, I could put my cynical hat on and say that it may have actually been designed to have that effect.

Well, implementation is a different thing; for the cookies I would agree, the banner is a bit overboard. There should be a requirement for showing the same data, but bugging the user at every access is absurd and useless.

We are in a way better position than the US though. That’s for sure.

It’s a bit of a Catch-22 because the only way you can avoid showing the banner each time is to set a persistent cookie.

But that cookie would be allowed without issues.

