I was going to agree with you, but in researching this, it does seem that GP is right. This is the source that I found: https://gdpr.eu/cookies/
As far as I can see, this is a resource funded by the EU, so not quite authoritative, but good enough IMO. They say:
> To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must: Receive users’ consent before you use any cookies except strictly necessary cookies. [...]
This sounds like what you're saying, but this verbiage is based on a classification of cookies further above where a distinction is made:
> Strictly necessary cookies — These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. [...]
>
> Preferences cookies — Also known as “functionality cookies,” these cookies allow a website to remember choices you have made in the past, like what language you prefer, what region you would like weather reports for [...]
So "strictly necessary" really only means "the site breaks without this", e.g. a session cookie set by a login page or the shopping cart example that the quoted article explicitly calls out, too. Presentational settings like display density, font size, dark/light mode and such seem to require consent.
As far as I can see, this is a resource funded by the EU, so not quite authoritative, but good enough IMO. They say:
> To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must: Receive users’ consent before you use any cookies except strictly necessary cookies. [...]
This sounds like what you're saying, but this verbiage is based on a classification of cookies further above where a distinction is made:
> Strictly necessary cookies — These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. [...] > > Preferences cookies — Also known as “functionality cookies,” these cookies allow a website to remember choices you have made in the past, like what language you prefer, what region you would like weather reports for [...]
So "strictly necessary" really only means "the site breaks without this", e.g. a session cookie set by a login page or the shopping cart example that the quoted article explicitly calls out, too. Presentational settings like display density, font size, dark/light mode and such seem to require consent.