They want to subject you to those popups in order for you to get annoyed by them and blame the GDPR for it (and hopefully get some sort of popular uprising against the GDPR). However, the GDPR is not to blame. Those popups are a choice the website operators are making.
Noooo, they can't tell if I'm a new browser or not and they display these incessant, idiotic GDPR warnings because I don't have cookies enabled lol. How would they know whether or not they displayed the warning before without me having a cookie indicating whether or not they displayed the cookie warning?
Answer: they can't. The EU politicians did not think this through.
Like, just send everyone a postcard about cookies and be done with it. Literally this is the dumbest law ever. I love consumer protections, and yet this is the most idiotic thing we all have to deal with on a literal daily basis because nobody understands how cookies work, apparently.
The point of the law was not to require everyone to nag you about all the tracking they are doing, but to discourage them from tracking you. Cookie popups are just a collective form of malicious compliance.
The point was to discourage doing the sort of data collection that requires consent. Websites that don't want to spy on you and don't have an inherent need to collect protected information about you don't need to get consent to begin with.
The very fact that a website is presenting a cookie popup to you is effectively an admission that the website is engaging in unsavory practices. When I see one, I think twice about using the site.
There's nothing unsavory about HN using a cookie to label your comments with your username.
Cookie warnings are like "known to the state of California to cause cancer" warnings. If not displaying a warning creates serious risks, and there is no compensation for legal costs to prove that the warning wasn't necessary, everyone will display the warning everywhere as a precaution.
> There's nothing unsavory about HN using a cookie to label your comments with your username.
True, and if that's all the data collection is about, then there's no need for a cookie banner.
> If not displaying a warning creates serious risks
It does not create serious risks. It's pretty clear what sort of data collection is risky, and any site will know if they're squarely in the "safe zone". The risk is if they want to engage in sensitive data collection, or if they want to push as closely as possible to that.
You only need to get consent if you plan to collect user data. There's no need to store any cookie documenting user consent if you aren't doing anything you would need consent for! And that is the real aim of the law:
"The General Data Protection Regulation requires you to consider whether there is an opportunity to achieve the objective through processing less data or if the aim can be achieved through less intrusive means." [1]
Don't blame the GDPR for the plague of useless cookie warnings; blame lazy developers who would rather thoughtlessly burden you with shitty UX than try to stop tracking you.
