In May 2011 a EU directive was adopted with the goal of empowering web users with control over their exposure to cookies. The main issue is that 3rd party cookies allow users to be tracked across websites. The issue is that websites are often a mash-up of content coming from various services, each providing their own set of cookies. A service (a 3rd party) can thus track users across all websites using it.
In Slovenia I have participated in the process of adopting this directive into a local law which come into the effect in 2013. During this process I believed that the goal is good, and the law is reasonable. I thought that it handles technology well and with understanding, defining cookies broadly enough to be applicable to various tracking techniques and not just literally only cookies.
Maybe because of my participation and hearing all the arguments and perspectives I had a biased view, because once the law got into the effect a public outcry followed. At approximately the same time it got into the effect also in other EU countries which just reinforced public reception. Developers did not like that they had to do extra work and web frameworks they were using were not really helping them. It was unclear who will pay for that, especially because those changes were not planned and budgeted, especially for sites already made. To my surprise even developers who are otherwise outspoken about users’ privacy disliked the requirement of asking users for consent about cookies.