Believing that there is such a thing as an "EU cookie legislation" is a clear sign that you don't know what you are talking about. You seriously want the EU to micro-manage the HTTP spec?
> You seriously want the EU to micro-manage the HTTP spec?
Well no, what you really want is browsers that do the right thing to begin with and e.g. block third party cookies by default. Then you don't need "cookie legislation" at all.
But if they're going to require something then it should at least be clear what the requirement is. If multiple large corporations who can obviously afford competent attorneys are doing something ridiculous, that's pretty good evidence that your legislation is drafted stupid.
But it is not just third-party cookies that are the issue. If that were the case it would be easy to solve. But consider if you buy some books or sex toys or whatever from an online store. Do you want the store to sell information about your purchases to third parties? That is what the "cookie consent" is about.
But that has nothing to do with "cookies" at all. You could in principle implement purchasing using client-side JavaScript without any cookies, as long as you don't care that the customer's shopping cart disappears if they close their tab, and when the customer sends their purchase information you'd still have all their personal info even if you didn't use any cookies.
Meanwhile the actual problem with (third party) cookies is that they're used to correlate users across multiple sites for tracking purposes, which goes away when browsers stop accepting third party cookies by default.
> But consider if you buy some books or sex toys or whatever from an online store. Do you want the store to sell information about your purchases to third parties?
This is really a different problem, because how are you supposed to know if they're doing this anyway? How is the government? Once they have your information there is no real way to tell what they're doing with it if they're willing to lie to you.
So the answer is to make it so they never actually have your personal information. But for this we need some kind of anonymous digital payment system for small transactions, so that the vendor doesn't have to know who you are. If all they have is a transaction ID from a bank that lets them get paid and a virtual one-time-use PO box number you had the item shipped to which forwards to your real address for a week and then is deleted forever, they can do whatever they want with that information and you don't have to worry about it.
The obvious problem we all know is that a browser cannot distinguish between a functional and an advertisement cookie. And honestly, cookies are a method. There are tracking methods where the user agent has no chance and is not involved.
Also GDPR is addressing much more than tracking consent.
> The obvious problem we all know is that a browser cannot distinguish between a functional and an advertisement cookie.
Sure it can. Functional cookies come from the domain the user actually visited, advertising cookies come from other domains. That's not always true, but it's true often enough that those should be the defaults.
Firefox even does one better. It has a feature you can enable called "first party isolation" that allows third party cookies, but keeps a different set of them for each domain the user actually visits, so if the user visits a different site none of the third party cookies from the first site are there and they can't be used for tracking between sites.
> Also GDPR is addressing much more than tracking consent.
Next week we'll probably discuss some different part of it that would have been more effective if done some other way.
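The three cookie-jar behaviours discussed in the comment above (one shared third-party jar, blocking third-party cookies by default, and Firefox's first party isolation), as an added example that is not part of the thread. It is a constructed model, not browser code: the class and function names are hypothetical, the site names are made up, and "third party" is simplified to an exact hostname mismatch.

```javascript
// Constructed model of a browser cookie jar (hypothetical names, not a real API).
class CookieJar {
  constructor({ isolateByFirstParty = false, blockThirdParty = false } = {}) {
    this.isolateByFirstParty = isolateByFirstParty;
    this.blockThirdParty = blockThirdParty;
    this.store = new Map();
    this.counter = 0;
  }
  // Simulates a request to cookieDomain made while the user is on topLevelSite.
  // Returns the cookie value that cookieDomain's server receives, or null.
  request(topLevelSite, cookieDomain) {
    const isThirdParty = topLevelSite !== cookieDomain; // simplification
    if (this.blockThirdParty && isThirdParty) return null;
    // Isolation keys storage by (site in the address bar, cookie domain).
    const key = this.isolateByFirstParty
      ? `${topLevelSite}|${cookieDomain}`
      : cookieDomain;
    if (!this.store.has(key)) this.store.set(key, `id-${++this.counter}`);
    return this.store.get(key);
  }
}

// Visits each site once; each page embeds a resource from `tracker`.
// Returns the identifier the tracker's server sees on each site.
function trackerView(jar, sites, tracker) {
  const seen = {};
  for (const site of sites) {
    jar.request(site, site); // the site's own (functional) cookie
    seen[site] = jar.request(site, tracker);
  }
  return seen;
}

// The tracker can link visits only if the same identifier shows up twice.
function canCorrelate(seen) {
  const ids = Object.values(seen).filter((id) => id !== null);
  return new Set(ids).size < ids.length;
}

const sites = ["shop.example", "news.example"]; // constructed sample input
const tracker = "ads.example";
const shared = trackerView(new CookieJar(), sites, tracker);
const isolated = trackerView(new CookieJar({ isolateByFirstParty: true }), sites, tracker);
const blocked = trackerView(new CookieJar({ blockThirdParty: true }), sites, tracker);
console.log({ shared, isolated, blocked });
```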
I'm very curious what leads you to believe that this law doesn't exist? And be so sure about it as to call out someone else for not knowing what they're talking about.
"Passed in 2002 and amended in 2009, the ePrivacy Directive (EPD) has become known as the “cookie law” since its most notable effect was the proliferation of cookie consent pop-ups after it was passed."