| While you asked about GDPR, the banners are actually required for many use cases by the EU ePrivacy Directive[1]. This use case is both more broad, and different than those afford by GDPR. However it's possible both can overlap and you can be sanctioned for both items at once. Not every website is subject to GDPR - applicability is determined by GDPR Article 3[2]. When a site is subject to GDPR - you need a legal basis to process personal data[3] subject to Article 6[4]. Sites which use the 'consent' legal basis, thus get consent with a banner. If you do not have a valid legal basis (such as consent) to process data, but are found to be - complaints with the relevant Data Protection Authority may be lodged and investigations may be carried out subject to Article 77[5]. In the event of an adverse decision corrective action, including fines may be levied. There are two fine structures in the GDPR, and those can be found in Article 83.[6] Now, a site can use geofencing, to determine if you are in the EU (or other relevant location) and selectively show you a banner or not based on your believed location as is determined by a reverse IP Address lookup. You may be re-prompted between visits depending on if the persistence mechanic you select is maintained. Some browsers delete cookies aggressively[7], and if the preference cookie is removed by the browser you will likely be issued a banner on the next visit to re-establish your preferences. [1]https://gdpr.eu/cookies/
[2]https://gdpr-info.eu/art-3-gdpr/
[3]https://gdpr-info.eu/art-4-gdpr/
[4]https://gdpr-info.eu/art-6-gdpr/
[5]https://gdpr-info.eu/art-77-gdpr/
[6]https://gdpr-info.eu/art-83-gdpr/
[7]https://webkit.org/tracking-prevention/ |