> I feel like I read somewhere that telling the user to adjust their cookie settings in the browser was speficically discussed, and not allowed, but I could be wrong.
Consent must be informed and specific, so simply asking users to set their browser to accept or reject all cookies (regardless of purpose) is not compliant.
On the other hand, if browsers get their act together and standardize a consent API with the necessary features, then browser-based consent management would surely be compliant. GDPR and ePrivacy don't address this explicitly, though GDPR Recital 32 considers consent by “choosing technical settings for information society services”.
Centralising consent in browsers is a key consideration in the proposal for an updated ePrivacy Regulation, but the EU is not going to mandate specific technologies. Everyone is well aware of the mess that is the Do-Not-Track header.
Consent must be informed and specific, so simply asking users to set their browser to accept or reject all cookies (regardless of purpose) is not compliant.
On the other hand, if browsers get their act together and standardize a consent API with the necessary features, then browser-based consent management would surely be compliant. GDPR and ePrivacy don't address this explicitly, though GDPR Recital 32 considers consent by “choosing technical settings for information society services”.
Centralising consent in browsers is a key consideration in the proposal for an updated ePrivacy Regulation, but the EU is not going to mandate specific technologies. Everyone is well aware of the mess that is the Do-Not-Track header.