>The EU's cookie law still requires a banner if your site uses a cookie to store something like preferred language or default location (even if it's not tied to a specific identity), as those aren't considered "strictly necessary" cookies.
This simply isn't true, and your source for this is biased as another commenter has stated.
I'm happy to be corrected on this, but your source says nothing about the kind of cookies I mentioned. Examples of strictly necessary cookies are auth sessions and shopping cart contents, not preferred language or default location. Paragraph 25 of the law states[1]:
> Where such devices, for instance cookies, are intended for a legitimate purpose, such as to facilitate the provision of information society services, their use should be allowed on condition that users are provided with clear and precise information in accordance with Directive 95/46/EC about the purposes of cookies or similar devices so as to ensure that users are made aware of information being placed on the terminal equipment they are using. Users should have the opportunity to refuse to have a cookie or similar device stored on their terminal equipment.
Is storing preferred language or default location strictly necessary, or just a legitimate purpose (and thus requires consent)? The EU has had since 2009 to clarify this, but many sites (including the news article about the USB-C law) interpret it to mean that consent is required, and thus have cookie banners for these things.
If you can't agree that the cookie law is a bad law that either needs to be repealed, clarified, or made more strict, then I don't know what to tell you. It's a perfect example of a well-intended law that causes more problems than it solves. And it's a perfect example of the EU failing to update a law with clear flaws. I don't know if the USB-C law will have a similar outcome, but considering the EU's track record, I'm not confident it will be a good thing in the long term.
It says that simply telling the user that the language setting uses a cookie is enough to obtain consent in this case. Not that you need a full blown banner. The CNIL even says you don't need consent to do it.
This simply isn't true, and your source for this is biased as another commenter has stated.
The EU website has the exact legal definitions:
https://europa.eu/youreurope/business/dealing-with-customers...