Correct (technically) handling of cookie consent

Question

I'm about to implement cookie consent for a website. As I understand it, cookie consent means that you shall not use cookies before you have received a consent from the user.

How can I know that a user have accepted cookies or not without storing this information in a cookie?

Answer 1

I sugest you set a cookie only if the user has accepted cookies. If this cookie is set dont ask again. Otherwise show the cookie consent banner again and again on every new site they visit as if they were new visitors.

What i find strange is that even big german sites like Stern.de, Focus.de, Spiegel,de and even the computer magazine heise.de are setting loads of cookies before they show the consent banner.

Even more strange is that while Stern.de and Focus.de also offer a complicate "Adjust" button (users usuarly dont click them because adjusting cookie preferences on every site is nerve wrecking), Spiegel.de and Heise.de dont even offer this. They just offer "Accept" or pay for a ad free version.

If you click on "Adjust" instead of "Accept" on the first sites they just close the consent banner.

So all the sites dont show a button to easily denie or delete cookies even i thought it has to be as easy to deny as to accept. Im not a lawyer too and this is no legal advice but if they all do it this way i guess this must be legal in Germany even it doesnt make any sence at all. Cookies are set no matter what the visitor does. The big question seems to be what es necessary? Are google Analytics und Adsense and others necessary to finance the server and keep the site online? Necessary cookies are allowed.

Writing this, there is an article in another big news site (that also sets loads of cookies before showing the consent banner and also just offers accept or pay buttons) saying someone had to pay €100 for not asking the visitor for his permission before even loading google fonts not even talking about analytics: https://t3n.de/news/google-fonts-illegal-urteil-dsgvo-1447698/

https://stackoverflow.com/q/70967060/12668719

Analytics Is there a setting on Google Analytics to suppress use of cookies for users who have not yet given consent

Adsense How To Make Adsense Load When Cookie Consent Given?

Answer 2

I'm assuming you mean the GDPR. Your understanding of it is incomplete: cookies that are necessary to deliver the site's functionality are allowed without consent. A cookie that merely stores consent is thus allowed, even if the user rejected other cookies.

I am not a lawyer, not legal advice, etc.