[skrebbel]

it doesn't. there's no law against cookies, there's a law against tracking. you can perfectly well store the cookie banner consent choice in a cookie.

EDIT: the reality is that it should actually be a "can we track you?" consent box. sites using the word "cookie" instead of "tracking" in the consent banner/popup are using technobabble to confuse you into just clicking "ok". users are not supposed to understand what it means.

it hurts me deeply that even programmers, who do understand what cookies are, have seen these misleading cookie banners so often that they think that's what GDPR prescribes. it's not, it's a lie.

[dmurray]

> it doesn't. there's no law against cookies, there's a law against tracking. you can perfectly well store the cookie banner consent choice in a cookie...they think that's what GDPR prescribes. it's not, it's a lie.

This is just wrong.

The Cookie Law (ePrivacy Directive of 2002 and 2009) is distinct from the GDPR. It really is a law against unconsented cookies: not just "tracking" ones but also anything that stores the user's preference: anything not "strictly necessary for the delivery of a service requested by the user".

That said, websites could certainly do a bit better here and give users a clear option of "I request a service delivered without the use of cookies, apart from the one necessary to remember this request".

[0]https://gdpr.eu/cookies/?cn-reloaded=1

[1] https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...

[skrebbel]

This is just FUD. Storing the cookie consent in a cookie is obviously "strictly necessary" if that's all you do with the cookie. Strictly necessary cookies do not, themselves, require consent.

You're saying that without obtaining consent, you can't store the cookie consent preference which is a ridiculous catch 22 explicitly rejected by the first link you shared (which states that the consent choice must be stored)