by krsdcbl 2027 days ago
"The banner" is nowhere stated in the law. It's a way people have chosen to comply with the law, and most of the implementations currently out there are still in violation of what the law states. The law simply mandates you get informed, "written" consent from any visitor before tracking them or collecting PII in any form or function.
2 comments

Just read up on it and it's actually a bit more detailed, it requires active consent.

https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_gui...

Statement 82 reads:

"The GDPR does not allow controllers to offer pre-ticked boxes or opt-out constructions that require an intervention from the data subject to prevent agreement (for example ‘opt-out boxes’)."

This in my mind pretty much invalidates most of the existing cookie banners out there, not to mention the multi-layered messes some sites do (Oath comes to mind).

Yep, that's exactly what I mean by "informed & written" - quite literally it must be active by definition of "informed", but furthermore in a way that is clear to the user of WHAT he actively consented to, and written meaning "provable".
Cookie banners predate GDPR by a decade or two.
And most importantly, don't suffice to fulfill GDPR. User must not only be informed OF the usage of cookies, but of any means of tracking, and must be presented with a way to access the content WITHOUT having to load said cookies or tracking measures.
If it simply stated what you say (may I have the quote?), few would be in violation of it, again as you say.
It's difficult to quote what does not exist, but yes, GDPR only requires asking explicit consent (which can be implemented in different ways, cookie banners being one).

And this is not for cookies required for technical reasons (session cookies and cookies to save preferences) - you don't need consent for them. Only for marketing / statistical cookies. See [1], it does a good job of explaining this.

[1] https://gdpr.eu/cookies/