by Xophmeister 1914 days ago
The "Cookie Law" and the GDPR aren't the same thing. I've noticed people make this mistake a few times recently.

The Cookie Law is circa 10 years ago, I think, and is widely considered to be poorly implemented. The GDPR is newer (implemented in 2018) and is widely considered to be a good idea. AFAIK, the GDPR didn't subsume the Cookie Law, but I may be wrong about that.

3 comments

The law isn't poorly implemented. The way websites deal with it is. Just don't set any cookies for a read-only visitor and you don't need to add any popups.

It's both. The law itself is poorly thought-out and overly restrictive. And then websites also don't understand it and do stupid things in the name of compliance, which are neither compliant nor beneficial to the user.

"Make a fraction of the ad money you'd have had with targeting and you don't need any popups" doesn't help people running non-hobby websites put food on the table.

Yes, fair enough -- point taken :)

> AFAIK, the GDPR didn't subsume the Cookie Law, but I may be wrong about that

You are correct. GDPR repealed and replaced the Data Protection Directive (DPD) from 1995. The "cookie law" (ePrivacy Directive, ePD) was an extension of the DPD, and made heavy reference to it. As part of replacing the DPD, GDPR includes a provision that any law referring to the DPD now refers to GDPR instead, which affects the ePD.

So ePD is still in effect, and by reference uses GDPR's new stricter definition of consent. This is a problem. The ePD was dumb but mostly ignorable. The "upgrade" has made its dumb-ness actually impactful.

Yes, the Cookie Law was older, but websites' determination to harvest as much as they can despite GDPR is what spawned these giant horrible pop-ups that have ten rows of confusing switches. It's a trick to make you opt in to all the things that GDPR says you should be able to opt out of.