@OatPotato @borup To this day, many websites still don't ask for consent. Cookie banners are just cookies wall with only OK/Accept button

At best there's a hidden Refuse grey link/submenu, which is illegal, as refusing should by as easy as accepting.

While still
- place tracking cookies at 1st load before the banner is even loaded 🤡
- continue to use tracking after users have refused
- such banner often ignore non-cookie based trackers (hidden pixel, AT Internet/piano/google tracking scripts…)

@OatPotato @borup

Some even have a shitton of individually actionable on/off switches¹ for like 10 or more processing purposes + several hundreds of switches for "parteners", with no "Refuse all" button, and a big green "Accept all"…

The ones using IAB TCF form are the worst offenders…

1. Or they seem turned off but each and every PII processing purpose switch is doubled with a hidden and/or greyed out "legimate interest" although many purposes have nothing to do with "Legitimate interest".

@devnull @borup for the "shitton of individual switches", some countries have made this illegal: the law says you MUST show a button to refuse everything on one click. But not all companies are doing it still.

And yes, the "legitimate interest" is the worst thing EU could let open, the line between legitimate and not really legitimate can be very flexible…