GDPR doesn't spell out anything. It's the most vague f-ing BS I have ever seen. There are no definitions, no guidelines.
6 years later there is no consensus on simple questions like website analytics which is probably the most common usage scenario for the kind of data GDPR covers.
Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data
...
Silence, pre-ticked boxes or inactivity should not therefore constitute consent.
=== end quote ===
> there is no consensus on simple questions like website analytics which is probably the most common usage scenario for the kind of data GDPR covers.
The consensus is there. And it's spelled clearly in the law.
> Please tell me the consensus and guideline for website analytics.
Literally described in one of the links.
> Please tell me the consensus and guideline on how to store the rejection for using cookies
You can use a cookie for that. If it's for a logged-in user, you can store that in the user profile.
> Please tell me the consensus and guideline on what "legitimate purposes" are.
Text in one of the links literally contains a link to further reading on legitimate interest.
> And most of all, please tell me the consensus and guideline for cookie banners and popups
Literally described in both links.
Once again. It's painfully clear that you never bothered to read and understand anything about the law in the past 6 years. Your clueless questions about "why does gdpr and europa sites have cookie banners" only serve as further proof.
The https://gdpr.eu/ website is not official. Its description of "analytics cookies" cannot be found anywhere in the actual GDPR & Co regulations.
> You can use a cookie for that.
Use a cookie to store the literal "No cookies" preference? Great example of the contradictory and irrational text of the GDPR.
> Text in one of the links literally contains a link to further reading on legitimate interest.
More vague and contradictory BS.
> Literally described in both links.
Too bad that description is not actually valid and if you'll actually check the GDPR text (not the non-official gdpr.eu website) you'll find no such descriptions.
Moreover, the cookie banner on both websites is actually illegal under GDPR. Check out https://ico.org.uk/ for a correct (but horrifying) implementation.
You are correct, I am not an every-day GDPR expert. I only encounter it when implementing on various websites and there only for analytics - no ads or anything more.
But its requirements were always for the worse. Because of its vague and contradictory definitions everybody (including me) adopted the safest implementation and thus the current web of cookie banners and popups was born. I hope you are happy with it, it solves nothing but it makes everybody's life worse.
6 years later there is no consensus on simple questions like website analytics which is probably the most common usage scenario for the kind of data GDPR covers.
This law is beyond bad.