[privacylawthrow]

I'm a privacy lawyer that has worked on cookie consents for a number of commercial websites. Everything you said here is all too true. The real legal answer in a lot of cases is "Do what everyone else is doing. Don't be an outlier. Use industry tools because if there's a problem with an industry tool, they'll go after the tool and not its users."

The comments about cookies not being part of GDPR are grossly wrong. One of the early discussions in the privacy law community was how to handle the collision of the new consent requirements under GDPR with the fact that the ePrivacy Directive requires consent for cookies. Prior to GDPR, a large number of EU jurisdictions allowed for implicit consent through a variety of actions, like scrolling a page, or non-actions, like seeing a banner and not clicking "no". GDPR redefined consent and that's why cookie banners pop up.

[belorn]

As lawyer, could you make an argument how consent can be given by a person if they haven't read the legal document, the other party know that the person has not read the document, and even if the person had read the document they would not understand it because of its language, complexity and size.

To put it in other words, if we used the same definition of consent in any other legal contexts that also require freely given informed consent, would the legal system still function?