Note that you still need to get consent for the cookie in this case, as the cookie is being used for something which isn't strictly necessary to provide the service.
I think this is kind of interesting question actually. If this cookie is entirely separated from the rest of the experience (e.g. _never_ gets associated to a logged in cookie, or IP address, etc.), is it really tracking the user? It's more like tracking article association. I agree it's not strictly necessary to provide the service, but is it necessarily tracking users at all? Another similar approach would be to keep the clients IP address as a similar key, but in that case the IP address can often be used to (at least closely) identify the client, but if the UUID is randomly generated it's a bit different.
I mean my gut feeling is that you're correct, but I kind of wonder about this case.
edit: A cursory reading of this site makes me think you are correct:
I mean my gut feeling is that you're correct, but I kind of wonder about this case.
edit: A cursory reading of this site makes me think you are correct:
https://www.privacypolicies.com/blog/eu-cookie-law/