That link seems to say the opposite:
> The EPR was supposed to be passed in 2018 at the same time as the GDPR came into force. The EU obviously missed that goal, but there are drafts of the document online, and it is scheduled to be finalized sometime this year even though there is no still date for when it will be implemented. The EPR promises to address browser fingerprinting in ways that are similar to cookies, create more robust protections for metadata, and take into account new methods of communication, like WhatsApp.
If the thing they failed to pass promises to do something additional, doesn't that imply that the thing they did pass doesn't already do it?
And I mean, just look at this:
> Strictly necessary cookies — These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user.
>
> Preferences cookies — Also known as “functionality cookies,” these cookies allow a website to remember choices you have made in the past, like what language you prefer, what region you would like weather reports for, or what your user name and password are so you can automatically log in.
So you don't need consent for a shopping cart cookie, which is basically a login to a numbered account with no password, but if you want to do an actual "stay logged in with no password" or just not forget the user's preferred language, now you supposedly need an annoying cookie banner, even if you're not selling the data or otherwise doing anything objectionable with it. It's rubbish.