
> It'd be nice if the law included an explicit exception for local cookies for routine site operation purposes.

That’s exactly what it does.

https://commission.europa.eu/resources/europa-web-guide/desi...

They list more types of cookies which do not need consent than the ones which do.



It's important to note that this is what the European Commission has determined to be acceptable for them. One very important distinction here is, as far as I understand, that the EC is not bound by the ePrivacy Directive, as directives bind member states and require them to include them in their national law. They do still try to be consistent with how the directive is applied in the member states, though, but since it can be varied they have more leeway compared to most other controllers.

The text on that website does state that some DPAs have found some first-party analytics acceptable, but that's not something that is confirmed by the CJEU. And the ePD does not have a single-stop shop, so you need to follow every DPA's directions if you are offering services to that DPA's country.


Oh, nice! That page seems to have been written a year ago[0] and I wasn't aware of it. If that had existed from day one, we probably wouldn't be having this conversation.

0: https://web.archive.org/web/20250301000000*/https://commissi...


> That page seems to have been written a year ago

The page has existed for several years, it was just at a different URL before. Here’s a version from 2021:

https://web.archive.org/web/20210623122357/https://wikis.ec....


I'll concede that, but that's still several years after the law was deployed and people had to kind of guess for a while.

GDPR isn't unique in that. When HIPAA came out in the US, no one was sure what it actually meant. I personally talked to hospital administrators who were convinced that we'd have to put up a "take a number" device in waiting rooms and call out "#53? It's your turn #53!", which the owners of the practice I ran flat-out refused to do: "the waiting room is currently occupied by Mr. Smith and Mrs. Jones, who have known each other since kindergarten, and I'm not going to refer to them as numbers". It took several years to build consensus on how to comply with it.


> I'll concede that

In case it wasn’t clear, I wasn’t trying to “gotcha” you or anything. I took your message to be in good faith. I just knew the website used to exist on another page because I remember having it in my bookmarks and it breaking and having to search for the new one.

> but that's still several years after the law was deployed

Maybe, I do not know. I didn’t search for it before then, so for all I know it was available at some other domain too. Or maybe it wasn’t, that’s the earliest one I remember.


Understood, and appreciated in the manner in which you meant it! I do love talking about this stuff. I've discovered that I have a giant regulation nerd deep inside me.


the site didn't exist from day one, the exceptions do

(but some informational requirements have been slightly relaxed recently I think)



