https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/07/blog-cookies-what-does-good-look-like/
Commentary:
https://www.hldataprotection.com/2019/07/articles/international-eu-privacy/cookie-consent-what-good-compliance-looks-like-according-to-the-ico/
Netherlands: DPA: cookie walls don’t comply with GDPR
EDPS: Guidelines on the protection of personal data processed through web services provided by EU institutions (Nov 2016)
https://edps.europa.eu/sites/edp/files/publication/16-11-07_guidelines_web_services_en.pdf
incl. also interesting links to other EU papers (e.g. on cloud)
Sadly from Nov 2016, so with GDPR in mind, but not in force, yet.
Covered technologies include
Cookies
Scripts (such e.g. JavaScript code) and components (such as browsers plugins) to be executed on the client side.
Web caching mechanisms
HTML5 local storage
“Device fingerprinting”
“Canvas fingerprinting” and “Evercookies”
Web beacons
Germany/BW: LfDI BW: FAQ zu Cookies und Tracking
ICO: Cookies
Enforcement actions by ICO on cookies
https://ico.org.uk/action-weve-taken/cookies/
ICO guidance on use of cookies and similar technologies
https://ico.org.uk/media/for-organisations/documents/1545/cookies_guidance.pdf
CNIL: Cookie best practices
[UK] ICO’s Liz Denham on direct marketing consent
https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/02/dma-data-protection-2018/
”
Detail of the e-privacy regulation is still being debated, but a default for all consumer marketing to be opt-in is in the current draft.
Until the e-privacy regulation comes into force, PECR will sit along side the GDPR.
That means electronic marketing will require consent. Yes, there is potential to use legitmate interests as a legal basis for processing in some circumstances, but you must be confident that you can rely on it.
It seems to me that a lot of energy and effort is being spent on trying to find a way to avoid consent. That energy and effort would be much better spent establishing informed, active, unambiguous consent.
You say you will lose customers. I say you will have better engagement with them and be better able to direct more targeted marketing to them. You will have complete confidence that your customers have given informed consent.
“
Phil Lee on “consent” in ePrivacy (cookies) and GDPR
Good article by Phil Lee that summarizes the current discussions.