Comment by t-writescode
5 days ago
The standard "Accept Cookies" banner is, give or take, malicious compliance with the EU's cookie laws. For actually required things, it doesn't *need* to be a banner. Companies tend to use a standardized, third-party-powered "follow the EU law" tool that they get the ugly cookie banner from. And even that banner's malicious compliance is under attack now because it takes too many steps to opt out.
For things like sign-in, you barely have to mention the use of cookies on your website, because it's necessary. For things like items in an anonymous shopping cart, a simple "adding this item to the cart when you're not logged in will cause the item to be saved in a cookie so we can remember it later" would suffice.
I'm not a lawyer, but that's my understanding.
Not even that. There's no rule in the GDPR to disclose the use of cookies. The regulation doesn't actually mention cookies at all, except maybe in an example. Instead, any data collection that's obviously required to do what the user requests (including session and shopping cart cookies) doesn't require any explicit consent. Only additional data collection, whether performed by cookies or any other means, requires consent.
That's why there are websites without cookie banners, like GitHub. It's not even hard to do that; it's just that most companies don't bother, because they know the EU will be blamed anyway.