The articles calling this a "Europe" or "EU law" are disingenuous. The EU issued a directive. It's up to the individual countries to implement the directive. So here's what happened:
Quite a few countries chose an opt-out system, which appears to be workable. Quite a few (most?) countries are still debating what to do or are intentionally or unintentionally dragging their feet (this is very typical).
The UK chose an extremely strict opt-in system, which is complete bullshit and unworkable in practise.
Now, I know it's "de rigeur" for the UK to blame Europe each time something bad happens, but in this case they only have their local government to blame. So please, stop calling this a European problem and tell it like it is: it's a UK problem brought onto them by a stupid government. The sooner the people of the UK realize they have their elected officials to blame, the sooner this can get fixed.
Here are some selective quotes from the document, I take it to mean: tell the user with a clear message at least once (ideally get them to click confirm but it's not a requirement):
"In some circumstances those seeking consent might consider implied consent as an option that was perhaps more practical than the explicit opt-in model... For implied consent to work there must be some action taken by the consenting individual from which their consent can be inferred... This might for example be visiting a website, moving from one page to another or clicking on a particular button... The key point, however, is that when taking this action the individual has to have a reasonable understanding that by doing so they are agreeing to cookies being set."
The UK has misunderstood the word "directive" for a considerable amount of time. Maybe it was a translation problem, and it should be reworded to "guidance", since the UK has a very bad habit of applying directives without due consideration. The rest of Europe leaves such directives where they should be, in a box marked, "Good but unworkable ideas. Please archive".
This is Europe's way of trying to make users read the Terms & Conditions of every website.
The intentions of the law are good, but I do not believe the approach is that smart. They could have made the companies who own the websites place cookies on the users machines only after they have actually created an account... that seems like consent to me.
Can someone explain to me why cookies are something that laws need to be written up about? What's wrong with cookies? What's wrong with paranoid people disabling cookies on their browser and then just granting access to the sites if they need to?
The EU privacy legislation is supposed to prevent
tracking of people without their consent/knowledge.
This is widely considered a worthy goal by consumers.
Fiddling with browser cookie settings is bad because it's
opt-out instead of opt-in, opt-out just doesn't work
since users have to be technically clueful and spend lots of time and effort on it. Compare to opt-in vs opt-out in email spam.
http://www.dlapiper.com/files/Uploads/Documents/DLA_Piper%20...
Quite a few countries chose an opt-out system, which appears to be workable. Quite a few (most?) countries are still debating what to do or are intentionally or unintentionally dragging their feet (this is very typical).
The UK chose an extremely strict opt-in system, which is complete bullshit and unworkable in practise.
Now, I know it's "de rigeur" for the UK to blame Europe each time something bad happens, but in this case they only have their local government to blame. So please, stop calling this a European problem and tell it like it is: it's a UK problem brought onto them by a stupid government. The sooner the people of the UK realize they have their elected officials to blame, the sooner this can get fixed.