The focus on cookies was always a bit off and more a result of too much technical detail resulting in laws missing their intent. The legislative moves slowly, over time, this will be fixed. However the legislative regulating how webservices have to handle data privacy was very necessary (and the people of the USA should really consider amending their constitution by also demanding a basic human right to data privacy). The key elements are "informed choice" and "consent to data gathering/processing" which have little to do with cookies. Let's say you buy a smartphone from china and it comes with a keyboard app that sends all your inputs to a chinese company so they can make predictions and offer autocompletion. You kind of want that app to display a banner asking you if that is okay. And you kind of want a privacy policy attached that explains they will create user specific profiles and sell them to advertisers and share them with the chinese ministry of state security. I think you want that banner. Now google analytics isn't much different. It tracks you all over the web, creates profiles of your browsing habits, sells those to advertisers and shares them with the american national security agency. Sure it also shows statistics to the website owners, the same way that keyboard app has an autocomplete function, but you kind of want to be informed about those other functions and have the option to say no, don't you? That is why 'consent management' is so important for data privacy.

> the web is a worse experience as a result, with marginal privacy gains.

The web is a worse experience because of companies like Google and IAB willingly breaking the law. But sure, blame the law.

I'm really hoping Do Not Track becomes legally binding. (Also, how is it not already treated like a piece of a contract negotiation? It is machine readable and sent on every request. Hidden website EULA's are already treated like contracts.)

DNT is deprecated and now removed from all browsers because it was ironically used for fingerprinting and tracking.

> Cookies are just completely broken

In what way?

> The EU should never have got involved in the way that it did

Maybe, can you explain where it failed.

> the web is a worse experience as a result

That's debatable

> with marginal privacy gains

can you quantify that?

Myself, I turn off all JS and nix all cookies (with about the only temporary exceptions being for posting on HN). WFM.

We.don’t.care.about.experience.

We care about privacy.

I would rather use Lynx than any more creepy JavaScript.

When I want “experience” —- a concept I loathe because it is a euphemism in all senses, and somehow arrogant and naive at the same time. —- that is the role of a desktop program. And it better ask me and inform me whenever it wants to perform a network request.