So, since they didn't ban it outright, doesn't it make it clear that the goal wasn't to remove it fully? The goal was to let users be informed about it, so they can make their own choice, not to remove the choice at all.

The EU didn't mandate that annoying UI. That's malicious compliance from businesses who are trying to undermine the law.

The core of the system is simple - you list the third parties you send data to, you make accepting and rejecting equally easy.

Consider basically any popup on a popular website which: takes over most of the screen, makes "accept" the highlighted action button, requires going through "customise" to reject, sometimes requires unchecking categories manually, puts "save and exit" and "accept all" that so the same thing next to each other, either hide or not provide "reject all", etc.

There is no conspiracy here. You can either not use third parties, or if you do, your approval system doesn't have to be obnoxious at all, but almost every page makes it a shitty experience to 1. Make you accept out of frustration. 2. Make your angry that this is asked in the first place.

No need for any "big conspiracy" when nobody is reading the actual law and instead everyone just copies everyone else.

You can eliminate friction in your UX by not collecting data you don't need. It's way less work to, you know, not collect that data.

I'm not sure why the government is needed to solve a problem that you've gone out of the way to inflict on yourself.

Let's say I want to improve my site by recording basic user analytics like unique user counts, to produce actionable data. I'm not nefariously collecting their social security number. I'm just putting some uuid in a harmless cookie in their browser so I can track which requests are from a unique browser.

Thanks to the GDPR I cannot do this without the stupid cookie warning popup.

In this regard, the GDPR is clumsy lawmaking that results in companies having to behave defensively, hoping that users will accept a damaged UX in order that the company is not fined by the EU.

> I'm not nefariously collecting their social security number.

In which case, the GDPR doesnt even apply to you! Only if you collect/store PII the GDPR starts to apply!

> Thanks to the GDPR I cannot do this without the stupid cookie warning popup.

Again, the GDPR has nothing in it about cookie banners.

> the GDPR is clumsy lawmaking

It isnt, people are just complaining about it without ever actually reading it or doing much research.

In the UK (and broadly under the UK GDPR and PECR – the Privacy and Electronic Communications Regulations), yes, you generally do need to get consent before setting non-essential cookies, even if it's just for rudimentary analytics like a unique visitor count.

Here's the key distinction: Strictly necessary cookies: No consent needed. These are required for the site to function properly (e.g., shopping cart cookies, login sessions).

Analytics cookies (including the case with a unique ID for tracking visitors): Not strictly necessary, so consent is required.

Even if the data is anonymous or pseudonymous (like a randomly generated unique ID), if the purpose is analytics and it involves storing or accessing data on the user’s device (like setting a cookie), you must ask for consent.

You don’t require the cookie popup for this.

Again, nobody is actually reading the law here. Tech is 99% followers who blindly do whatever without understanding the motivation behind it.