(no title)

The cookie banner requirement is itself a widespread misconception because the actual rule is neither specific to cookies (it would also cover other locally stored data) nor universal (for example it doesn't require specific consent for locally storing necessary data like session/login mechanics or the contents of a shopping basket).

The requirements for consent that do exist originate in the ePrivacy Directive. That directive was supposed to be superseded by a later ePrivacy Regulation that would have been lex specialis to the GDPR - possibly the only actual link between any of the EU law around cookies and the GDPR - but in the end that regulation was never passed and it was formally abandoned earlier this year.

So for now rules about user consent for local data storage in the EU - and largely still in the UK - do exist but they derive from the ePrivacy Directive and they are widely misunderstood. And while there has been a lot of talk about changes to EU law that might improve the situation with the banners so far talk is all it has been.