I'm going to repeat … cookie banners are not necessary for functionality that the user expects to receive as part of the service provided. And yes, this is part of the ePrivacy Directive. And indeed, the cookie banners that only “notify” users, without requiring an acknowledgement to proceed, are not even legal.
Go to any Mastodon website right now. Why aren't they providing a cookie banner for notifying that session cookies are used?
GDPR isn't concerned with cookies. What the GDPR cares about is personal data and having a legal basis for processing. And “consent” is only one of those legal bases.
You don't need consent, for example, for using a home address for delivering pizza, since pizza delivery can't work without that home address. That's what's called a “legitimate” interest. You also don't need consent for keeping logs for security purposes, if the retention rate is reasonable (e.g., 3 months). You also don't need consent if the law demands that you keep certain records for fraud detection by law enforcement (e.g., banking).
--->
A vast majority of websites needing cookie banners or GDPR consent dialogs are doing spyware shit, which includes Google Analytics (85% of all websites), or behavioral advertising via RTB platforms. And the few websites that don't probably haven't spoken with lawyers yet.
If you're so convinced you're right about this point (which is not the view of lawyers I've seen spend tens of thousands worth of billable hours around GDPR and ePrivacy Directive... though I'm not in the legal profession myself, just somebody who has seen the legal advice about this at multiple tech companies, and it's a confusing enough area of law with little precedent set in courts yet, so it's absolutely not impossible that they and therefore I am wrong, though I don't think it's the case) maybe you could provide a source for the claim that's from an actual authority - like the source I provided from an actual government department responsible for implementation of enforcement of these laws, which disagrees with the view of GitHub, a company that may or may not have interpreted the law correctly?
Also, saying "I'm going to repeat..." to someone who had (rightly or wrongly) corrected something you said, is not really helpful, it's not adding to the argument and is more likely to push people away than to get them to reconsider your belief (almost made me just ignore your whole reply, to be honest). I'd suggest saving that phrase for when somebody had forgotten something you said, not when they think that what you said is wrong.
Go to any Mastodon website right now. Why aren't they providing a cookie banner for notifying that session cookies are used?
Go to GitHub for that matter. Why aren't they providing a cookie banner? We know why: https://github.blog/2020-12-17-no-cookie-for-you/
GDPR isn't concerned with cookies. What the GDPR cares about is personal data and having a legal basis for processing. And “consent” is only one of those legal bases.
You don't need consent, for example, for using a home address for delivering pizza, since pizza delivery can't work without that home address. That's what's called a “legitimate” interest. You also don't need consent for keeping logs for security purposes, if the retention rate is reasonable (e.g., 3 months). You also don't need consent if the law demands that you keep certain records for fraud detection by law enforcement (e.g., banking).
--->
A vast majority of websites needing cookie banners or GDPR consent dialogs are doing spyware shit, which includes Google Analytics (85% of all websites), or behavioral advertising via RTB platforms. And the few websites that don't probably haven't spoken with lawyers yet.