"The Danish DPA reprimanded a controller for a cookie banner that did not comply with Articles 6 and 4(11) GDPR as the consent was not informed and because the controller used colours and designs to influence the user's choice in violation of Article 5(1)(a) GDPR." (https://gdprhub.eu/index.php?title=Datatilsynet_(Denmark)_-_2021-41-0149&mtc=today)
Meanwhile, in Poland:
The DPA fails to properly justify that the cookie IDs in a given case constitute personal data and is not competent to assess the legality of collecting consent for the use of cookies. while the Office of Electronic Communications, which should address the topic of collecting consent for the use of cookies, continually claims that consent can be given through browser settings. And no complaint can be filed with the latter, as it is not provided for in any regulations.
Would it be wrong to say that explicit values of `DNT` constitute user's statement of will?
I'd dearly hope we don't say that websites are required to prevent the user from using automation to give/refuse to give consent.
@agnieszka Wouldn't having it be obeyed be a kind of "giving consent via browser settings"?
@robryk If DNT was actually observed, then yes.
@robryk
DNT does not protect users and can be ignored by websites. At least currently. It would be great in the future to have such an effective tool, but for now it is a fiction.