It does make sense that 3rd parties should not be allowed to log cookies without your consent, i.e. all the ad trackers. If they had targeted those overly intrusive ad companies, great! It would have worked!
However they made the law too broad and had it cover on site cookies too, which get used for the typical session information that powers features that every consumer expects these days (recently viewed, shopping baskets, etc.). So the companies got caught in the general stupidity.
I never really understood why this was mandated as a server-side issue.
Rather than mandate every server behave nicely (an enforceability nightmare), why not mandate every client protect users' privacy with deeper cookie control? Sort of like the one time preference request option when installing something from an app store:
"This site tried to set a cookie to <adtracker.site-you-are-not-on.com>; do you accept (y/n)? (more info link) --> Cookies can be used to track you across websites; some people feel this is an invasion of their privacy."
You could even mandate browsers allow for whitelisting and blacklisting. For the people who care, it'd break the back of the tracking industry within one generation of browser evolution.
Browsers already can whitelist and blacklist IPs (though you'd possibly want a extension / addon to help manage that for you).
The problem is that:
1) every site writes cookies and some cookies are needed for sites to behave properly (eg it would be impossible to use online shopping without cookies). So the amount of "do you accept" messages you'd see would be insane. It would get to the point that users would just give up and accept everything (pretty much like we do now, in fact).
As a fun experiment, lynx (the terminal based web browser) asks you to accept cookies by default. So try browsing around the web with that. You'd see how very quickly it becomes the most annoying thing ever!
2) what happens when your tracking cookie comes from the same domain as site which you might want cookies stored from? You either have to accept being tracked or break that site.
3) lastly, there are methods of being tracked without the use of cookies. Cookies are by far the easiest and thus most common. But it's possible to work around disabled cookies.
> It does make sense that 3rd parties should not be allowed to log cookies without your consent, i.e. all the ad trackers. If they had targeted those overly intrusive ad companies, great! It would have worked!
I agree, but cookies aren't the only method of being tracked. So we're back to my original point that legislating against cookies specifically isn't the right way to go about addressing privacy concerns. Hense why I said they should be targeting the tracking data that is stored remotely, as that will cover a multitude of sins.
However they made the law too broad and had it cover on site cookies too, which get used for the typical session information that powers features that every consumer expects these days (recently viewed, shopping baskets, etc.). So the companies got caught in the general stupidity.