anaccountexists | 4 years ago

The most common use of “tracking” cookies is just to be able to count unique views for your site, which I think is a perfectly reasonable thing to want to do. Knowing the impact of your site is something pretty much every website producer (including governments, individuals, and businesses) wants to do.

Another example of where cross-site tracking is useful is in preventing online payments fraud. You have a similar IRL version of this where your bank will freeze your card if it sees purchases being made in different countries simultaneously.

Somewhere along the line, counting views or helping reduce fraud for customers turned into “store full demographic information about someone who never signed up for our service”, which is where everything went wrong in my mind. The cookies themselves aren’t the problem, it’s how they’re being used.

throwaway_sb666 | 4 years ago

> The most common use of “tracking” cookies is just to be able to count unique views for your site, which I think is a perfectly reasonable thing to want to do.

Sure, and I don't remember if this is currently legal without need to notify/ask, but I think it should be.

As long as the tracking data is legally and technically isolated to only domains/apps/devices controlled by the same entity... Most people have the expectation that a website/business will be able to remember them across visits from the same browser.

But people will not necessarily have this expectation of being recognized across domains or different devices - indeed most people won't know it's even possible - so anything facilitating such identity/profile correlation should be considered illegal tracking by default. The specific technical method of creating the correlation should not matter. Honestly this could extend to non-web profile building as well.

The exception, of course, is if the user has self-identified by logging in.

> Another example of where cross-site tracking is useful is in preventing online payments fraud. You have a similar IRL version of this where your bank will freeze your card if it sees purchases being made in different countries simultaneously.

True, completely agree. There are already blanket exemptions for certain uses in the GDPR and those should be extended as needed for use cases that have legitimate value. Cookie law should be changed so no need to ask/inform the user about these use cases other than in the website's privacy statement, where such tracking should be stated.

Industries handling such tracking data should be regulated and audited to ensure proper handling and use of the data. Again I think this should be applied as a broader principle, and I think for example loyalty programs should be also audited to ensure compliance with legal uses of the collected data.