There are plenty of laws that would have been sufficient.
One of them would be to make browsers responsible for providing sensible defaults. And while the public perception might think the webpages are at fault it was the browsers that were responsible for storing and broadcasting private data. Arguably without clear and informed consent.
Of course there are problems with requiring software to have sensible default settings, but I reckon most problems with any legislation are due to the fact that none of them address the fact that cookies are a perfectly private system (with the user in full control of their own data) provided browsers don't send this data with every request without permission.
One of them would be to make browsers responsible for providing sensible defaults. And while the public perception might think the webpages are at fault it was the browsers that were responsible for storing and broadcasting private data. Arguably without clear and informed consent.
Of course there are problems with requiring software to have sensible default settings, but I reckon most problems with any legislation are due to the fact that none of them address the fact that cookies are a perfectly private system (with the user in full control of their own data) provided browsers don't send this data with every request without permission.