It’s mostly correct what the article says but I’ll never really understand why you would quote some laws and not say which ones you’re quoting. The relevant parts here are not from GDPR but from the ePrivacy Directive 2002/58/EC, i.e. the more specialised law on what the EU calls electronic communications. And its Article 5, paragraph 3, which is about “information stored on the terminal equipment”, meant to include cookies without calling them such, was added to the law in 2009, 7 years before GDPR was adopted.
It should also be noted that a directive isn’t an “EU Law”, since it cannot be enforced directly (as opposed to a EU regulation such as the GDPR). It’s basically a framework that all EU member states have agreed they would each pass as a Law in their own jurisdiction (which explains the first quote in the article beginning by “Member States shall ensure …”).
Since eprivacy is “just” a directive, each member state has since passed their own implementing Law that have the same basis but can vary in their specifics, so rules on tracking and cookies aren’t the exact same in each member state.
It’s mostly correct what the article says but I’ll never really understand why you would quote some laws and not say which ones you’re quoting. The relevant parts here are not from GDPR but from the ePrivacy Directive 2002/58/EC, i.e. the more specialised law on what the EU calls electronic communications. And its Article 5, paragraph 3, which is about “information stored on the terminal equipment”, meant to include cookies without calling them such, was added to the law in 2009, 7 years before GDPR was adopted.
It should also be noted that a directive isn’t an “EU Law”, since it cannot be enforced directly (as opposed to a EU regulation such as the GDPR). It’s basically a framework that all EU member states have agreed they would each pass as a Law in their own jurisdiction (which explains the first quote in the article beginning by “Member States shall ensure …”).
Since eprivacy is “just” a directive, each member state has since passed their own implementing Law that have the same basis but can vary in their specifics, so rules on tracking and cookies aren’t the exact same in each member state.