The common internet user might have the impression that cookies are a completely useless invention. Discussions on this topic usually refer to a privacy catastrophe that allows advertisers to track users across the Internet. Not to mention those annoying consent banners everywhere trying to trick you into saying "yes".
Thinking about data protection for the user from scratch means that the technical details of implementation play a secondary role. If you want to collect non-essential data from users in a privacy-friendly way, you have to ask for consent. All the other solutions out there, no matter how sophisticated, that help avoid the "cookie banner" for collecting non-essential data are not privacy friendly, they are just regulation friendly.
With this out of the way, we can think about how cookies can actually be used to improve privacy on the web. The most important thing here is to distinguish between essential and non-essential functions. For example, if you need to store a session identifier in a cookie for the user, this is essential and can be done without consent. A non-essential function, on the other hand, is collecting analytics data for a website. From the user's perspective, this feature is definitely not required to use your service and therefore requires consent.
Taking this further, for all cookie applications, whether essential or non-essential, it must be ensured that the implementation is secure and respects the privacy of the user as much as possible. In doing so, some technical details have to be considered. For this we have written an extensive collection of ideas that you can review on our blog.