how do websites have the option to deny all cookies? don't they need a cookie to know you don't want cookies?

Local storage. It'll be good until the next time something tombstones the record.

You could use the absence of a cookie instead.

Set a cookie for “asked,” present dialog, switch cookie to “allowed” and write other cookies, or delete the cookie for “denied”

Of course this would present the dialog again on a page loads, but it works well enough for a SPA. But so does `var allow_cookies`

The eu eprivacy directive states that only essential cookies may be used. So yeah, there might be a cookie

Fucking use containers. Fucking whitelist websites you want to be allowed to set cookies, all other websites can suck it. And use extensions to block cookie popups. That’s it

They can still use cookies.
Essential cookies for things like sessions, and 1st party cookies for other things are fine for the use of the website.

Correct me if I'm wrong but GDPR is really only nazi time on the 3rd party cookies, right?

Compressed JSON stored in IndexedDB.

Shit looks like random mandarin and emojis unless you decompress it. Fucks with everybody.

Yeah there are non cookie methods, and you can still use cookies, just for the basics.

@Root yeah that was my exact thought process, but i tested it and it doesn't ask on other pages

Most non-tech people have no knowledge about cookies and get panicked. They need to be educated about cookies.

Ay I work with this on a daily basis, so I actually know something about this! :D

Other people are absolutely right, in saying that necessary cookies are allowed, without the consent of users. This isn't just GDPR, but also CCPA, LGPD etc.

If you take a look at for example cookiebot.com (shameless plug), you'll see that there's different categories, with "necessary" being prechecked, and you're unable to uncheck it.

Also: there's other reasons why this cookie banner is not GDPR compliant

@C0D4 You're usually wrong about other things, but I think you're good on that one

@C0D4 Yes, but imprecise.

GPDR doesn't like excessive data collection (e.g. from 3rd party sites), no matter what technology.

ePrivacy doesn't like "storing data on a user's device" for nonessential purposes (ePrivacy should have been replaced to have the same content as GPDR), even if it doesn't affect the user's privacy. Strictly it is technology neutral, too.

@ScriptCoded but that doesn't even matter, because it says deny ALL cookies. so it has to be lying. it could say "deny stalking cookies" and be valid, but all cookies includes the essential ones.