> it doesn't. there's no law against cookies, there's a law against tracking. you can perfectly well store the cookie banner consent choice in a cookie...they think that's what GDPR prescribes. it's not, it's a lie.
This is just wrong.
The Cookie Law (ePrivacy Directive of 2002 and 2009) is distinct from the GDPR. It really is a law against unconsented cookies: not just "tracking" ones but also anything that stores the user's preference: anything not "strictly necessary for the delivery of a service requested by the user".
That said, websites could certainly do a bit better here and give users a clear option of "I request a service delivered without the use of cookies, apart from the one necessary to remember this request".
This is just FUD. Storing the cookie consent in a cookie is obviously "strictly necessary" if that's all you do with the cookie. Strictly necessary cookies do not, themselves, require consent.
You're saying that without obtaining consent, you can't store the cookie consent preference which is a ridiculous catch 22 explicitly rejected by the first link you shared (which states that the consent choice must be stored)
This is just wrong.
The Cookie Law (ePrivacy Directive of 2002 and 2009) is distinct from the GDPR. It really is a law against unconsented cookies: not just "tracking" ones but also anything that stores the user's preference: anything not "strictly necessary for the delivery of a service requested by the user".
That said, websites could certainly do a bit better here and give users a clear option of "I request a service delivered without the use of cookies, apart from the one necessary to remember this request".
[0]https://gdpr.eu/cookies/?cn-reloaded=1
[1] https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...