It’s called “using an extension to manage cookies”. There are dozens of extensions for this.
Encoding the usage of a particular (probably otherwise short-lived) technology in law is generally a pretty bad idea. Sure, have the EU write laws about cookies - the two outcomes are A) this becomes useless when people switch to a different tech stack that doesn’t use cookies B) we’re stuck using 30-year-old technology to try to get things done, at least for regulated industries like banking or government services. Like the IE regulatory situation in Korea but worse.
Anyone have an update to that story? I know in Korea they use a ton of apps to order things all the time now. Maybe this law was phased out, or just didn't apply to phones?
Not to take away from your broader point. Laws are just such a terrible development model. Everything's tested live and you can't easily revert anything.
The law is not about cookies, it's about an obligation to inform on and let users opt out of tracking features that go beyond technically necessary features.
> Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.
The gdpr does NOT plainly state cookies. It refers to any form of user tracking from websites!
Quoting recital 30 of gdpr
"NATURAL PERSONS MAY BE ASSOCIATED WITH ONLINE IDENTIFIERS…SUCH AS INTERNET PROTOCOL ADDRESSES, COOKIE IDENTIFIERS OR OTHER IDENTIFIERS…. THIS MAY LEAVE TRACES WHICH, IN PARTICULAR WHEN COMBINED WITH UNIQUE IDENTIFIERS AND OTHER INFORMATION RECEIVED BY THE SERVERS, MAY BE USED TO CREATE PROFILES OF THE NATURAL PERSONS AND IDENTIFY THEM."
When a corporate lawyer hears a law explicitly list technologies like "IP addresses" and "cookies", they're going to (rationally) get scared when you step outside the clear boundaries of that law, and it's their job to place institutional pressure on technical people within the corporation not to do things that make them scared.
Encoding the usage of a particular (probably otherwise short-lived) technology in law is generally a pretty bad idea. Sure, have the EU write laws about cookies - the two outcomes are A) this becomes useless when people switch to a different tech stack that doesn’t use cookies B) we’re stuck using 30-year-old technology to try to get things done, at least for regulated industries like banking or government services. Like the IE regulatory situation in Korea but worse.