I would like to join this religious discussion by adding my two atheist cents:
The GDPR is about tracking IDENTIFIABLE INFORMATION of visitors of your website. So tracking repeated visitors makes you IDENTIFIABLE in sense of “that guy was already here”. (the mildest case of reasons why one would track you, I won’t go into details about other ones here)
The problem is, that politicians are not web developers. So they grasp the issue with their limited minds and put a term on it. That is how we got to “Cookie Banners”. Because back in the old times we just set a cookie and read it when someone visited our websites and said, oh hey, that’s them, they loved orchid part of our website, so let’s show them orchids in the sidebar.
BUT:
As soon as politicians will find out, that you can use Google Analytics with localstorage and without cookies and still find out that you are who you are they will “amend” their laws. That is why lawyers tell you all to add “a cookie banner” to your website and not an info about you tracking their activity on your website.
Lemme repeat: IDENTIFIABLE INFORMATION. That does not mean something along the lines of “hey, it’s @davidsneighbour and he visited this and that page and purchased this and that good” but a more generic “hey, this user was here before and visited this and that page and purchased this and that good”. Which is enough to just show you other products from the categories “that user” visited before.
Visit a porn website and check out the code (type the url, close your eyes, press enter, type Ctrl-Shift-J look at the side where the devtools show up ;), sorry, but porn websites are a treasure trove of “how can I code around privacy rules these days”). They can identify you by the size of your view port, via local storage, via browser history, via browser cache (well not anymore since the latest Firefox version and the next Chrome version). If one wants to track you they will find a way. And THAT is what GDPR is about, the rule that you have to tell your visitors that you don’t care and want to see EVERYTHING.
I am pretty sure, that plausible.io does not use cookies and thus by using terms like cookie consent won’t need any. They still track identifiable information. There is NO way to track “unique” visitors versus “total pageviews” without setting something and tracking that information about multiple page views.
“Politics” will catch up and word these laws better. Until then, if you operate your site in one of the countries that are covered by these laws, you just have to do MORE than is required, because there is always some a**h**e that interprets the laws their way and tries to make money out of it. That’s a hobby of German lawyers for instance. You post a photo of a piece of bread and the next day you have a letter from some lawyer in your mailbox.
RANT OVER.
PS: Saving your visitors request to NOT use cookies in a cookie. Just saying hihihi.