I found the European CoJ (I think that's the English acronym...) case
I'm not really seeing any statements about when consent is required, rather about how it may be given required. In addressing question 1(b) they even specifically mention the need to protect users from hidden identifiers. I would argue a shopping cart is, at least, not the intended target here.
Nevertheless, you have convinced me that it is a good precaution to ask for permission for any and all persistent retrievable data, particularly in light of the wording of directive 2002/58.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Ah, I confused that. It was the BGH that confirmed the EuGH statement from 2019 (sources are mostly german).
And yes, you are of course correct that you can break the law even without cookies, but that requires sending user data to any services.
I found the European CoJ (I think that's the English acronym...) case
I'm not really seeing any statements about when consent is required, rather about how it may be given required. In addressing question 1(b) they even specifically mention the need to protect users from hidden identifiers. I would argue a shopping cart is, at least, not the intended target here.
Nevertheless, you have convinced me that it is a good precaution to ask for permission for any and all persistent retrievable data, particularly in light of the wording of directive 2002/58.