Comment by veidr

Yes, I 100% agree they should just mandate compliance with a specific HTTP header — and prohibit any popup or other smarmy trick or dark pattern of different behaviour if the header is present — but why haven't they?

I am honestly curious. If you are willing to go as far as they have, why not go that relatively tiny extra step?

I think it is a problem with the regulator. The cookie agreement mandate has legitimately fucked up the web for everybody. It's also done it in a way that mostly neutralizes the intended benefit of the law (because everybody just clicks the "fine! stuff your cookies up my arse or whatever, just get on with it!" button).

But a competent regulator must both measure the impacts of their regulations, and take action based on that data. It seems a weird place to stop.