The GDPR has some language that tells companies to avoid putting cookies on users computers if they opt out of that. There is a very widely used wordpress infrastructure system called “Elementor” that apparently installs a type of cookie on users computers, and Elementor does NOT provide the option to discontinue that cookie as of 2020.
Every user of Elementor should be asking the Elementor to address this issue right away. However, it may not be necessary to pull the plug on the infrastructure of your website in the meanwhile.
First, if a website is GDPR (and other website law) compliant, they will generally have a message that warns the user of the privacy implications of using the site, and giving users the chance to accept or deny. Right now, if someone denies, you may want to restrict their access to using the site altogether. Many web masters who are very risk averse and using a strict reading of GDPR do this currently.
Second, in the GDPR there is the concept of “Legitimate Interest” where the court would consider a genuine reason for the cookie being there weighed against the individual’s rights and freedoms. Anyone bringing an action against a webmaster would need to prove that that a compulsory feature of the infrastructure that the company is trying to warn and mitigate against is a reasonable use; rather than the argument that it is used to infringe on the individual’s rights and freedoms. Additionally, the plaintiff would need to prove that particular cookie reveals personal information or identifies the user in some way. Investigation is needed to determine whether or not that is the case. There is no way to predict where a court might land on that, it is only to say that a plaintiff would have that barrier to climb first.
Third, companies with websites that affect users in the European Union, California, etc.; should have an attorney and website compliance law developer review their site for compliance issues. This would show good faith to any court that the company is attempting to be compliant.
Fourth, companies are always advised to carry insurance for these types of matters.
Fifth, if you are risk averse AND chose not to restrict the website to consumers who don’t agree with your Privacy disclaimers, then it may be in your best interest to find a developer that can work around this issue.