Comment by mindslight

Yes, the EU passed the ePrivacy directive in 2002. It was terribly broken (didn't actually address the problem it meant to), and resulted in malicious compliance of "cookie banners".

The EU then learned from these mistakes and passed the GDPR in 2016. The GDPR is quite on point - it directly addresses the problem, preempts the foreseeable ways which companies could sidestep such regulation, and didn't succumb to lobbyists looking to install backdoors.

The US could learn a thing or two from the EU regarding legislation.