Removing Google Analytics is a good thing, thanks for that.
I also appreciate that you use DoNotTrack to give users a choice (even if this is not available on Safari any more).
In section "3.1.3 Granularity" paragraph #44.
"If the controller has conflated several purposes for processing and has not attempted to seek separate consent for each purpose, there is a lack of freedom. [...] When data processing is done in pursuit of several purposes, the solution to comply with the conditions for valid consent lies in granularity, i.e. the separation of these purposes and obtaining consent for each purpose"
You grouped cookies together and removed granularity of choice. I think this is against the spirit of the regulation.
Overall I think the the change is positive, but grouping cookies to avoid a banner is still against the regulation.
Removing Google Analytics is a good thing, thanks for that. I also appreciate that you use DoNotTrack to give users a choice (even if this is not available on Safari any more).
As it is explained the privacy policy. Basically you now use the same cookie "_octo" both for session management and first part tracking: https://github.com/github/site-policy/pull/336/files#diff-8b...
EU guidelines require that you offer granularity of choice for different “processing purposes”. See in this "Guidelines on consent under Regulation 2016/679" https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_gui...
In section "3.1.3 Granularity" paragraph #44. "If the controller has conflated several purposes for processing and has not attempted to seek separate consent for each purpose, there is a lack of freedom. [...] When data processing is done in pursuit of several purposes, the solution to comply with the conditions for valid consent lies in granularity, i.e. the separation of these purposes and obtaining consent for each purpose"
You grouped cookies together and removed granularity of choice. I think this is against the spirit of the regulation.
Overall I think the the change is positive, but grouping cookies to avoid a banner is still against the regulation.