[luckylion]

Why couldn't that have happened in the browser though? We have plenty of mechanisms to block and/or delete cookies.

Essentially, now we're at a state where consent banners exist, slowing down all sites, and there are like four states: a) they look compliant, but are ignored by the website provider (the EU itself takes this approach), b) they are flat out ignored (a lot of companies still take this approach) c) they aren't compliant (tiny "no" link, huge "yes, take my firstborn" link) d) they're compliant and are paywalls (buy subscription or accept everything under the sun).

d) is what we're probably going to end up with, so you either pay or you accept tracking. More and more solutions offer that as an option so adoption will grow. Most people accept tracking (stats that I've seen say that those paying are like 1/10,000th), so what have we won exactly by doing this dance?

[layer8]

> Why couldn't that have happened in the browser though?

That would require more regulation, by regulating both browsers and websites, and their technical protocol. Instead the EU tried to minimize regulation by not prescribing the exact technical means by which websites would need to obtain consent for tracking from users.

[luckylion]

Why would cookie-handling in the browser require websites to be regulated? They can set cookies, your browser reads the request and then decides to store them or not to store them, or to only store them for some amount of time, based on your preferences.

Browsers could already do most of it, and there are far fewer browser manufacturers than website owners, and they have far more resources than the average website owner, and, at least for some of them (all of them except Chrome), the incentives would be aligned. Right now it's "protect the user (and earn less money)", and the results are unsurprising.

[layer8]

The browser can’t distinguish between legitimate “necessary” cookies that don’t require consent and those that do. Hence there would need to be a technical specification of how websites mark cookies that do (or don’t) require consent. Even more importantly, for cookies that do require consent, the user has to be informed about their respective purpose, so that they can make an informed decision about whether they want to accept or reject the cookie. So there would need to be some standardized way for the website to give that information for each cookie, if the browser is to handle acceptance on behalf of the user.

Lastly, cookies aren’t the only way of tracking. Websites can also use local storage, or fingerprinting, and so on, each of which can equally require consent. If the browser consent mechanism is restricted to cookies, websites would have to be mandated to always use a cookie to ask for consent, even when they actually use other means for tracking, and websites would have to explicitly check whether the cookie is stored or not in order to control any other tracking.