Just because that correlated in time doesn't mean it's what the law actually implies.
Informed consent about cookies was a law that predated the GDPR.
The consent boxes only got worse because, with GDPR, you suddenly have regulators who care about these things and are empowered to impose hefty fines. So people stopped ignoring the whole space of privacy, as they had been before.
One of the declared goals of GDPR is to reign in "profiling". So the industry started trying to desparately weave a narrative on the grounds of consent: they wanted to create an electronic paper trail that would somehow support their claim that people were consenting under the rules of the GDPR to being profiled.
But consent under the definition of the old cookie directive does not meet the standard required under the GDPR for consenting to profiling [1]. People like Max Schrems are actively engaged in trying to get the industry to turn away from their noncompliant ways [2]. Especially the use of certain UI dark patterns has already lead to hefty fines [3].
My hope is that, when this has all played out through the legal system, it will become clear to the industry that the stuff they are trying to get you to consent for them to do, is just outlawed altogether, thus scoring a victory for privacy on the web and rendering that consent-stuff moot.
If not, regulators may need to get involved to make it more clear, that this is the intended outcome, which I have no doubt they eventually will.
I also have high hopes that, eventually, GPC will become enshrined in law [4]
Informed consent about cookies was a law that predated the GDPR.
The consent boxes only got worse because, with GDPR, you suddenly have regulators who care about these things and are empowered to impose hefty fines. So people stopped ignoring the whole space of privacy, as they had been before.
One of the declared goals of GDPR is to reign in "profiling". So the industry started trying to desparately weave a narrative on the grounds of consent: they wanted to create an electronic paper trail that would somehow support their claim that people were consenting under the rules of the GDPR to being profiled.
But consent under the definition of the old cookie directive does not meet the standard required under the GDPR for consenting to profiling [1]. People like Max Schrems are actively engaged in trying to get the industry to turn away from their noncompliant ways [2]. Especially the use of certain UI dark patterns has already lead to hefty fines [3].
My hope is that, when this has all played out through the legal system, it will become clear to the industry that the stuff they are trying to get you to consent for them to do, is just outlawed altogether, thus scoring a victory for privacy on the web and rendering that consent-stuff moot.
If not, regulators may need to get involved to make it more clear, that this is the intended outcome, which I have no doubt they eventually will.
I also have high hopes that, eventually, GPC will become enshrined in law [4]
[1] https://academic.oup.com/idpl/article/5/3/163/730611?login=f...
[2] https://www.dataprotectionreport.com/2021/06/max-schrems-pri...
[3] https://www.cnil.fr/en/cookies-cnil-fines-google-total-150-m...
[4] https://globalprivacycontrol.org/