[lucb1e]

> If you can set cookies, the user has already expressed their consent by enabling the cookies in the browser. As long as cookies' existence is common knowledge (it is by now), there is no need to duplicate browser UI within every website.

Wrong. If I disable cookies in my browser, I can't log in to websites anymore, so they need to be allowed. A whitelist would be very inconvenient. On top of that, it's not explicit allowance, it'd be implicit (i.e. opt-out instead of opt-in).

I don't know if British legislation is different, but this is illegal at least in the Netherlands.

[rdancer]

You can enable session cookies only, even in the current UIs. Ditto for third-party cookies. Duplicating UI in a website is a solution looking for a problem. The web devs can nag the 0.01% who don't have cookies enabled, and leave the 99.99% who have them enabled alone.

It has never been enforced that way to my knowledge, anywhere in the EU. Which law or court decision says that it is actually illegal?

[lucb1e]

> session cookies

How does my browser know that one PHPSESSID is used for tracking, and another is a session? You probably mean until I close the browser, which would be never -- at least, I would never want to, but I do every few months for browser updates. (My laptop always goes in suspend/sleep mode.)

> Ditto for third-party cookies

I don't know what third-party cookies are anyway, and I bet my peers could not give me an accurate description either. We're all in the software business, be it game development or general software development or something.

Two gave a rough description but couldn't answer a question about whether embedded Like buttons would work if the user is logged into Facebook. Another just said "I don't know".

I'm not sure "the public is informed about all their options by now". The ones who really care generally use uBlock, ABP, Self-Destructing Cookies, Ghostery, etc., the rest just click "ok" because the sites do not inform them about these aforementioned possibilities: that wouldn't be in their interest.

> Duplicating UI in a website is a solution looking for a problem

Oh I agree it's an issue, I hate this cookie wall as much as anyone. I would love for there to be no need to ever see this wall.

> It has never been enforced that way to my knowledge, anywhere in the EU. Which law or court decision says that it is actually illegal?

I am not sure fines have been dealt, but the Dutch ACM ("authority for consumer and markets", literally translated) did give out warnings to non-compliant sites and they subsequently places cookie walls.

The law simply says no such cookies may be placed, it doesn't say "for a few months while users are unaware, and after that, oh well, have some fun picking your own privacy laws as you wish."

And yes, I know functional cookies and simple tracking is allowed if you don't invade a person's privacy. This means practically every major website knowingly tries to invade your privacy, because they have these walls in place. What do people say? "Fucking government does not understand the internet, look at all these walls." What should we be saying? "Wait why are they trying to create detailed profiles of me in the first place?"