[caffeine5150]

The cookie banners are required by the ePrivacy Directive, not the GDPR or its predecessor, the Data Protection Directive. ePrivacy has been around for years. Directives are EU-wide “directives” to each member state (country) to enact their own version of it. Therefore, both ePrivacy Directive and the old Data Protection Directive resulted in varied laws from country to country making compliance a challenge. Part of the purpose of the GDPR was to create consistency by replacing a directive with an EU-wide regulation. They have the same plan for ePrivacy and already have published an ePrivacy Regulation for review and comment. The ePrivacy Regulation was supposed to be passed at the same time as the GDPR, but they’re behind so people are expecting it in 2019. There is a recognition that the cookie banners have been a failure, and it is expected the ePrivacy Regulation will get rid of them (but there will still be TBD consent requirements around use of cookies).