Well, in France yes already (and the links are in French, basically the first one is about a basic hack where you could change the id of the user in the URL of the current page to get others users' invoices -no comment-, and the second one because the users could not decide what cookies could be stored on their computers, they did not offer any choice eg through a CMP or something else)
These links are misleading as neither of those fines was imposed based on GDPR: The first article says that the fine was imposed based on a national law due to a data breach in 2017 (and says that the fine could’ve been higher now under GDPR), the fine in the second article was handed out based ePrivacy / Cookie legislation. Neither of those are directly related to GDPR, although the first case would also be punishable under it (but wasn’t when it happened).
I would’ve been surprised if the authorities had handed out fines that fast, as they usually need to give companies a reasonable amount of time to fix problems after they are revealed.
Will the interpretation depend on the country until someone raises the case to the highest court? Do we have to check the precedent of all European countries?
How do I allow this site to set the 'user' cookie, but not the '_cfuid' one? Since Cloudflare is proxying, both cookies are first-party.
FF61 on Mac. Solutions for Chrome would also be interesting.
Note that I specifically don't want 'self destructing cookies' or session- or time-limited ones. I just want to white/blacklist by site, cookie name, and perhaps cookie content.
I've briefly looked for suitable extensions, but not yet found anything.
I would’ve been surprised if the authorities had handed out fines that fast, as they usually need to give companies a reasonable amount of time to fix problems after they are revealed.