Honestly this legend needs to die.

I've worked as a consultant for the EU Parliament and they are a lot more knowledgeable than you think and for things they are not, they hire consultants (like me)

There are a number of people directly elected in EU Parliament that have a background in technology, I personally know a couple or computer scientists, with lots of publications in their curricula.

Problem is the law cannot be written the way you are arguing about, that could be in the form of a directive not as a regulation[1], the regulation must be general enough and cannot address issues that have different legal bindings in the 24 EU countries.

[1] A "Regulation" is defined as a binding legislative act. It is immediately applicable in its entirety in all Member States and it overrules national laws. A "Directive" is a legislative act setting objectives that all EU countries must reach and translate into their national legislation within a defined time frame.

So if the law couldn't be written in a rational way without creating bizarre outcomes, then why create it at all?

When you create legislation, you're implicitly saying; "these rules we're writing down are important enough to enforce with the full monopoly on violence given the powers of government." The cookie popups seem extremely silly in that context.

I don't doubt you've run across some well-intentioned people. But as the saying goes, the road to hell is paved with good intentions.

Seeing a structurally dysfunctional system from the inside, and being able to empathize with the individuals in it, does not make the design of the system any less dysfunctional.

Cookie popups are bad, but they're pretty similar to a no smoking or no parking sign. In this case, it's the reverse. The whole internet bans cookies, but it informs you that you're entering a cookie zone.

These companies may think they're protesting the cookie law with popups but it's achieved what I expected it to achieve. It's given me fair warning that the site intends to track and monetize me, so I can walk away if I don't think it's worth it. And it adds a higher cost to it too.

> So if the law couldn't be written in a rational way without creating bizarre outcomes, then why create it all?

Nobody said that, I don't know why you're saying it, because it also makes no sense.

Do you also believe that we shouldn't have made murder illegal because murderer still exist?

There are always gonna be bizzare outcomes, pop-ups only speak about how lousy advertisers and tracking freaks are, but there have been certainly more bizzare outcomes, think about people refusing vaccines...

Compared to that pop-ups are just an annoyance that we can avoid by punishing the perpetrators directly not visiting their websites.

> But as the saying goes, the road to hell is paved with good intentions

it's all simple, until you have to convince hundreds of politicians to agree on a law that's gonna be enforced on 450 million people from 27 different countries, with 27 different legal systems.

Especially because many people that consider themseleves tech savy are more out of touch, e.g., thinking the privacy aspects could be solved through local cookie policies only, or that it would be a suitable solution to solve even just the cookie aspect in a nuanced, non-techie friendly manner.

Cookie consent should be the responsibility of user-agent cookie policy. And virtually all of the consent banners I've seen are about cookies. And I certainly think it has a better shot of being comprehensible by users in general than having a separate UI for consent for every site. Especially when it's in those sites' interest to confuse or annoy users into allowing the cookies.

In this thread I had the impression that the discussion widened to more than just cookie-banners, more general privacy on the web.

One of the problems I have with the pure-local approach is that I want certain cookies (or certain cookie functionality) of sites but not others. Some functionality I want and some I don't want can be implemented with the same cookie.

I think I would need tagged cookies (so I can disallow those that are used for things I don't want) as well as an assurance to not use the other cookies in the "wrong" ways.

That's why I think purely local cookie management is severly lacking and not suitable to tackle the problem in a user-friendly and nuanced manner - beyond an all-or-nothing approach.

I personally do not think a browser level approach can enforce the privacy goals without cooperation of (and therefore enforcement against the companies providing) the serverside implementation.

That, of course, does not mean that a browser level setting that has to be honored by the server side and can be transfered between sites would not be preferable to clicklists and banners.