[Serkevan]

You may or may not have seen a pop-up with apparent options to choose cookies. This will typically have a list of hundreds of "partner" cookies of which you will would need to untick each box, one by one. Otherwise accept all cookies or you cannot get rid of the pop-up blocking the screen. The GDPR is toothless.

Generally there has to be a "Reject all" option, though it's true that not every site has it. By the letter of the directive it is mandatory that opting out be as easy as opting-in.
I have noticed a much lower amount of cookies lately - only the one for the site itself, nothing cross-site. The problem with dozens of third parties planting cookies by the dozen is no longer there... though to be fair I've been using my privacy settings well before GDPR went online.

[Lord Lucan]

Generally there has to be a "Reject all" option, though it's true that not every site has it. By the letter of the directive it is mandatory that opting out be as easy as opting-in.

OK, so as an example I have just been to the website of the Gruniad newspaper ( News, sport and opinion from the Guardian's UK edition | The Guardian ). Up came the cookie nag pop-up and I chose to reject all, and then backed out of the website. This is what my cookie list shows afterwards - 16 Guardian cookies occupying at least 48KB, despite my "rejecting all".

The reason there are no other cookies present is that I intentially did it from a completely fresh install of Windows 7, by loading such an image into a virtual machine, and I went straight to the Guardian's website. So nothing else can be blamed.

Where is the GDPR in this?

[Serkevan]

OK, so as an example I have just been to the website of the Gruniad newspaper ( News, sport and opinion from the Guardian's UK edition | The Guardian ). Up came the cookie nag pop-up and I chose to reject all, and then backed out of the website. This is what my cookie list shows afterwards - 16 Guardian cookies occupying at least 48KB, despite my "rejecting all".

The reason there are no other cookies present is that I intentially did it from a completely fresh install of Windows 7, by loading such an image into a virtual machine, and I went straight to the Guardian's website. So nothing else can be blamed.

Where is the GDPR in this?

Huh. I got 3 cookies in total, and the same 48 KB storage (the storage has nothing to do with the cookies, by the way, it's the cache - some CDNs have ~20 MB of storage despite 0 cookies). I suppose in my case it's the tracker blockers doing their job (although they show that no trackers are detected). For reference, a fresh Firefox profile shows that, if you "accept all" you get 21 cookies, 150 KB storage and a third domain.


I absolutely agree that enforcement of "reject all" should be stricter, but I am mostly concerned with cross-site advertisers. However, by its very definition a minimum of one cookie is needed so as to not require the GDPR pop up on every single click through the webpage.