[awiesenhofer]

> I'm not nefariously collecting their social security number.

In which case, the GDPR doesnt even apply to you! Only if you collect/store PII the GDPR starts to apply!

> Thanks to the GDPR I cannot do this without the stupid cookie warning popup.

Again, the GDPR has nothing in it about cookie banners.

> the GDPR is clumsy lawmaking

It isnt, people are just complaining about it without ever actually reading it or doing much research.

[cbeach]

In the UK (and broadly under the UK GDPR and PECR – the Privacy and Electronic Communications Regulations), yes, you generally do need to get consent before setting non-essential cookies, even if it's just for rudimentary analytics like a unique visitor count.

Here's the key distinction: Strictly necessary cookies: No consent needed. These are required for the site to function properly (e.g., shopping cart cookies, login sessions).

Analytics cookies (including the case with a unique ID for tracking visitors): Not strictly necessary, so consent is required.

Even if the data is anonymous or pseudonymous (like a randomly generated unique ID), if the purpose is analytics and it involves storing or accessing data on the user’s device (like setting a cookie), you must ask for consent.