Internet's biggest annoyance: Cookie laws should target browsers, not websites

As others have said, we already tried this with DNT. Unless websites are legally compelled to honor the signal, the signal is worthless.

But here's an interesting wrinkle that may illustrate further complexity:

> Essential Only: "Only allow data necessary for websites to function (e.g., keeping me logged in, remembering my shopping cart)."

I would never have called either of those examples "necessary for websites to function". They are both just convenience things, not essential things. So there may be a lot of discussion needed about category definitions here.

If your website is a shop then being able to put things in a cart is pretty necessary no?

You don’t need cookies for that.

The point is that you need to track the person. The technology used is irrelevant.

The point is whether or not "shopping cart" cookies are "essential". I argue that there is nothing about them that qualifies as essential. The contents of your cart can be kept server-side, which means that using cookies to do it is not essential at all.

Making them part of the "essential" set in cookie banners is a category error. This is an important point, in my opinion, because if we allow websites to get away with saying nonessential cookies are essential, then the more obnoxious cookies people widely object to will just be counted as "essential" to evade people's preferences. Websites seem strongly predisposed to pulling the wool over user's eyes whenever they think they can get away with it, so this category problem is not without meaning.