[lentil]

But the cookie is not "Personal data which have undergone pseudonymisation", is it? Assuming we're talking about the case where no PII is being sent along with the tracking data (which I believe is the point of masking the IP address, among other protections) how could this be attributed to a natural person?

What I'm trying to understand is why the addition of an opaque cookie value necessarily changes the situation, such that consent is required.

It's very possible I'm missing something here; genuinely trying to learn what that is.