Well just whose site won't work because they can't set a Google Analytic cookie? ( Substitute your third party scumware cookie of choice at this point)
I agree, but the problem is we aren't just talking about Analytics cookies are we?
Any cookie will require permission, which may break functionality on some sites. Stopping admins using cookies to track a visitor across a single site is an exercise in futility, we all have the means to track visitors across our site if we really want (though not quite as simply). It's the cookies that are used to track users across the net that are the real issue (and as you say, this == big business).
So Europe is not really in a mess
I suspect you probably mis-read the OP's meaning there! Europe is definitely in a mess, for reasons other than cookies. The thing people miss, however, is that there are many different arms of governance. Those who deal with finances may well be running around like headless chicken, but for those tasked with meddling with/fixing other areas, nothings changed.
I just wish there was less bleating and more of that energy directed into compliance
Funnily enough, I think this about a great many things. But it always comes down to apathy, people would much rather do nothing 99% of the time, and hate it when you put them in a position where they have no choice.
What I really object to, is the focus on individual sites. I'm not the first (and doubt will be the last) to say this, but the functionality we are all having to implement belongs in the browser. Hell, it's already there so a refined UI is all that should really be required. Even basic user-education would have been a better route to take. I often hear the argument that to many, a PC is just a utility. Holds no water, we don't consider it unreasonable that you learn what's safe to do with a microwave, and what you shouldn't do, it should be no different for a PC. Again, it comes down to apathy.
You're dead on the mark about enforcement though. It's only going to be the big players, because they haven't the resources for anything else. From an enforcement point of view, the talk of session cookies is moot because it's highly unlikely the ICO will worry about such trivia. From a ISV's PoV though, it's incredibly important because you need to mitigate the risks of liability (I'm not going to worry about session cookies on my personal site, but will need to for anything we opt to release!).
The whole thing is a mess, partially as a result of people sticking their head in the sand, but also partly because it
is an ill-thought out overly broad law. The latter could be mitigated if the ICO were to actually give concrete, legible guidance, but they're not. It's like being told that there will be a ban on drinking under certain circumstances, but not being told what those circumstances are.
Finally,
Privacy. Call me cynical if you want, but IMHO this law will make no difference in the long-term. There are a lot of very clever people in big business, if they want to track you across the net they'll find a way to do it without cookies. I'm half expecting Chrome to start sending a unique 'Install ID' to Google instead of a cookie so that they can do just that. Realistically, all this change does is muddy the waters, cause people a lot of work all to achieve an end that may never happen!
