The simple solution is to forbid 3rd party cookies (and while we're at it third party JS as well, which I think is a much bigger problem than 3rd party cookies. I'm sure that will send shudders through the industry). And enforce it at the browser level by default and put up a big fat warning what the consequences are when you disable it.<p>That way we don't need to have silly laws that nobody will respect and we can all get on with making stuff work.<p>Third party JS opens so many cans of worms that I think it would be better if we just forgot about that whole idea, it'll never be secure and it puts too many juicy bits in the wrong hands.
This passed in Sweden about a year ago, as required by the EU-directive. What's happened since? Essentially, nothing.<p>While a few government-related sites show information on cookies and a checkbox for opting in, noting that the site may not work properly otherwise, the average site has made absolutely no changes.<p>I think this proposal sprung from good intentions, but has been executed poorly. It's likely aimed at reducing tracking-cookies, something which most of us would consider a good thing, but this is clearly not the right way. I know of no person or site that has gotten in legal trouble for not showing this "Cookie-warning" or an opt-in button. It's simply unenforceable.
A common misconception of the EU directive is that it applies to cookies only leading to many technical people to laugh about it. Any method of storing information in the user's browser is covered: <a href="http://en.wikipedia.org/wiki/Directive_on_Privacy_and_Electronic_Communications#Cookies" rel="nofollow">http://en.wikipedia.org/wiki/Directive_on_Privacy_and_Electr...</a><p>Article 5:<p>3. Member States shall ensure that the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information in accordance with Directive 95/46/EC, inter alia about the purposes of the processing, and is offered the right to refuse such processing by the data controller. This shall not prevent any technical storage or access for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network, or as strictly necessary in order to provide an information society service explicitly requested by the subscriber or user.
the bbc recently changed to reflect this law (i assume). i don't know whether the law is tortuous or not, but the bbc's implementation was clear, easy to understand, and helpful. i used it to protect my privacy. seems like a good idea to me.<p><a href="http://www.bbc.co.uk/privacy/cookies/managing/cookie-settings.html" rel="nofollow">http://www.bbc.co.uk/privacy/cookies/managing/cookie-setting...</a>