alt Hacker News>The law requires consent before using a cookie to store even a mundane option that was just directly modified by a user.
If your are referring to GDPR this is wrong. GDPR does not require consent for strictly necessary cookies.
>Strictly necessary cookies — These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user.
Though language preference does not seem like something that requires a cookie. Just respect the Accept-Language header. There is no need to reinvent the wheel here.
No I am referring to the EPD as I state in my comment, an acronym you should know since it’s defined in the explainer you link. As someone who has experience in this area, it’s not as simple as “just use the Accept-Language header it will be fine”.
In any event, that’s besides then point. There are non-tracking cookies that get swept up in the EPD’s consent requirements. This causes way more popups than needed to address the real problem of users being tracked and profiled across domains. The result is users being inundated with consent banners on freaking homepages.
If you changed the requirements to “consent is required for marketing cookies” then I’d wager it would vastly reduce the need for these banners. You could show the banner interstitially as soon as a customer entered your funnel and wanted to try to perform spooky attribution.
In my experience the banners are useless because they don’t actually tell me whether the site is tracking me or not (the behavior I presumably want to prevent). They just tell me whether the site uses cookies, which I’m okay with 99% of the time, so I just click yes.