On May 26th, a new cookie law was introduced in the UK , which renders most UK websites illegal and might ultimately transform into an EU law. In short, the new law only allows websites to set cookies on a user's computer when the user explicitly consents. It was changed last minute to allow "implied consent" . I am briefly going into some aspects of the cookie law and explain why it is a bad idea and does a bad job at protecting user's privacy. Many more reasons against the law can be found in a resource such as the "EU Cookie Law eBook" , which outlines problems with the cookie law.
Notice the bar on top which "informs" the user about cookies and allows them to "continue":
The average internet user doesn't know about cookies and will be confused by the pop up. Let's see how the guidance  suggests to inform users about cookies:
In "Providing information about cookies", it says: "Long tables or detailed lists of all the cookies [...] may be the type of information that some users will want to consider." And "For most users it may be helpful to provide a broader explanation of the way cookies operate [...] on your website."
Not only is this pop up or status bar annoying, it also doesn't make any sense. For internet users, the text translates into: "Would you like a better experience of the website?" Yes, of course I want a better experience – why are you asking me this? There is no mention of the "downsides" of cookies.
If the goal of this law is to protect the user's privacy or inform the user about cookies, then this law completely missed the mark.
I want to have control over cookie settings in my browser. Instead of a bar popping up every time I visit a website, I want to set my preference once. In my opinion there are two major concerns with cookies:
There needs to be an easy way to change cookie preferences in the browser (and other data that's stored on the visitors computer), and a sensible default choice.
Let's look at Chrome – one of the most popular browsers. Where are the cookie preferences?
Chrome → Preferences → scroll all the way down → "Show advanced settings..." → Privacy → "Content settings..." → Cookies
Easy enough? No one is going to look at these preferences.
Cookie preferences should be easy to manage. There should be a detailed explanation about cookies and a few easy choices that the user can select.
This is how the Chrome cookie dialog looks like:
None of these dialogs explains what cookies are.
Chrome's dialog provides too many options for the average user and is confusing. For instance, when I allow data to be set for the current session, why is there a need for another option that clears cookies when I quit my browser? Safari's dialog doesn't give me control about limiting the expiration of persistent cookies.
The by default available choices should be as simple as:
Everything else belongs to advanced settings. I don't see much point in explicitly limiting session cookies or third party cookies. The settings should apply to all types of data that are stored on the visitor's computer, including Flash cookies or local storage.
P.S.: This website shamelessly uses Google Analytics and doesn't give you an option to opt out. And even if you disable cookies, I'm tracking your requests anyway.