So almost every GDPR cookie consent banner out there has a section for “legitimate interest” cookies that they can leave on by default and you will inadvertently accept even if you choose “Reject all” unless you go to the detailed settings and disabled those too.
Some of them have dozens of legitimate-interest cookies.
I read some articles about what they are and why it is allowed to keep them on by default, but they were very vague. So can someone explain it to me like I am five?
It seems you are confusing strictly necessary cookies with legitimate interest cookies, which are different things: https://kbin.social/m/explainlikeimfive@lemmy.world/t/466192/-/comment/2427882
It would help to clarify in the post that you’re interested in the legal aspects for the EU under the GDPR.
I had added the #GDPR tag to the question and, as far as I know, GDPR is the only regulation that requires a cookie consent banner and mentions legitimate interest cookies, but I may be wrong on that as I don’t know all the regulations around the world 😃 (and California tends to follow EU’s stances on these matters, so I wouldn’t be surprised if they were baking something similar to the GDPR if they don’t have it yet).
But yeah, you are right, people from many different places around the world could be reading the question, so I must have been clear that this is specific to some local regulation. I edited the post.