by Nextgrid 2420 days ago
The GDPR consent prompts are less about technicalities (are you using cookies or local storage) and more about giving the site permission to stalk you no matter what method they use.

The real problem here is the lack of enforcement of the regulations. The majority of GDPR consent prompts are obnoxious because they aren't actually compliant - compliant ones are much more pleasant. See this comment I just posted on another GDPR thread: https://news.ycombinator.com/item?id=21429666

Finally there's this misconception (it could be a lie perpetuated by companies looking to profit from GDPR-related consulting, or those looking to push back on the regulation by making it seem more annoying than it actually is) that all cookies require consent. That is blatantly false. Cookies to store site preferences (like language, font size), shopping carts or login sessions don't require consent as they're necessary for the functionality you're trying to use.

2 comments

This is the right answer. I think the popups come mostly from a) an American interpretation of a European law and b) as a way to spite the users while "trying" to do the bare minimum to comply with the letter of the law (which might not be accepted as compliance).

And none of this farce would be needed if sites wouldn't track individual users. Showing ads doesn't require tracking individual users (and retargeting is frankly BS).

I honestly can’t figure out how these popups became so prevalent. They’re so obviously not compliant not just with the fine print of GDPR but with its spirit.

Even if you’re completely cynical about being compliant with GDPR I would imagine that not having popups like that at all is more compliant or less likely to get you in trouble than having those flagrantly-non-compliant ones...

It's basically the "I don't have to be faster than the bear, I just have to be faster than you" principle in action.

GDPR violations are so ubiquitous that regulators can't possibly go after all of them.

As long as you aren't a particularly juicy target and are doing the same things that everyone else is to pretend to follow GDPR, you probably aren't going to be among the first enforcement targets.

There's also some cargo-cult legal reasoning going on as well, I think: instead of paying a lawyer to read the new law and tell you what you actually need to do, simply do whatever you see everyone else doing and assume it's fine.

But not doing anything visible might actually be better than pretty much advertising that you're not compliant. It might be easy to catch a bunch of sites using a 3rd party "compliance solution" popup banner in one big swoop.