[tomelders]

GDPR should have been implemented as a standard that browser vendors should implement. e.g.

``` window.getPersonalDataPreferences() ```

It should only prompt the user to submit their preferences if no preferences were detected, or a specific permission is required to allow certain features.

People may argue that everyone will just turn everything off everywhere and forget about it, and I would argue "so what?".

The burden of GDPR has been dumped on the wrong people and has become so tedious to administer it's basically useless and a massive waste of time and energy.

[Nextgrid]

We had that in the form a "Do Not Track" header and not only did nobody obey it, but malicious actors actually used it as an extra fingerprinting vector to track you even more.

[M2Ys4U]

The GDPR is not a cookie law. It's not even an internet law.

The GDPR applies when any processing of any data is done regardless of context.