> Even when you do all your analytics inhouse with self-hosted matomo, if you want to use a cookie, you need consent is what the lawyers say unanimously
If you use a cookie for Matomo tracking than yes, you need consent. You are using a cookie for a non essential service (analytics), so you need to ask consent.
But that primarily says that Github doesn't care about cookies (or consent), not that you (not being a multinational corporations with an army of lawyers and millions in lobbying spending) can do the same.
I'm pretty sure those cookies are non-compliant if you look at them closely, because none of them are necessary for the operation of the service. a) a default value doesn't need to be stored in a cookie -- and it has to be a default value, because you haven't selected a color scheme or a timezone b) login-state does not require a cookie: either you're logged in and have a session, or you aren't, and you don't, c) there's no reason for a session on the public facing side that doesn't contain any private/individualized data, unless you want to use these session cookies to track users -- and it's only about users as bots will typically ignore cookies.
My money is on "Microsoft knows that cookie consent is optional if you're not a small European company".
If you use a cookie for Matomo tracking than yes, you need consent. You are using a cookie for a non essential service (analytics), so you need to ask consent.
But you can use Matomo as cookieless: https://matomo.org/cookie-consent-banners/
If matomo gathers data without a cookie, you can still use technical / essential cookies without consent.
As an example Github.com, owned by Microsoft, does not have a cookie consent popup and sets at least 5 cookies as soon as you open it:
- color mode (dark / light)
- user timezone
- whether the user is logged or guest
- a session cookie
- _octo, that I don't understand.