@brandon I dunno, it seems like a pretty headline to get good press for complying with a stupid law and not actually changing their behavior in meaningful ways
There is literally no nothing that talks about cookies. What they talk about is use of personally identifiable information (tracking cookies is one of those things).
The banner itself also is a not enough to get you out of abusing personally identifiable information. The site also should not track you by default (the banner should make it as easy to opt out as it is to opt in).
Based on their post, it seems as though Github is in compliance. Their previous banner was either unnecessary or not enough, depending on what their previous behaviour was.
Now all the of t his assumes the law is actually being enforced, which we haven't seen much of yet. There are some cases slowly making their way through the system, but I don't think expect to see anything in a while. The fact that nothing has happened yet is why people think that the cookie banner is enough to keep the theory illegal activities legit.
Cookies are just a technicality, what GDPR regulates is personally identifiable information - be it a cookie, be it a device fingerprint. At the same time GDPR doesn't require explicit consent for essential data like you don't have to consent to your IP being stored in Nginx logs for a brief period of time or Django setting session cookie.
Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.