Well, this is a little more complicated, because the cookie issue stems not from the GDPR but from ePrivacy.
This directive explicitely targets reading/writing into the user terminal without autorisation, hence the application to cookies.
Edit: removed a post, that was not explicative enough.
But the articulation is: ePrivacy says you need to consent to write non-essential trackers. GDPR defines how you can obtain the consent. So both laws take part in this ruling.
This directive explicitely targets reading/writing into the user terminal without autorisation, hence the application to cookies.
Edit: removed a post, that was not explicative enough.
But the articulation is: ePrivacy says you need to consent to write non-essential trackers. GDPR defines how you can obtain the consent. So both laws take part in this ruling.