
This, btw, is where the EU cookie law applies, and what it was intended to prevent.

You cannot embed that tracking pixel without first having approval from the user.

(This – third party cookies for tracking – is the entire reason the damn law was written in the first place, and yet we still haven’t gotten rid of them).



Isn't it crazy how the cookie law requires all web sites to be honest and provide opt-in mechanisms, while still doing nothing to protect against shadier outfits ignoring it all, when a browser setting could solve the problem in a 100% failsafe way?


Well, it doesn’t require all websites. Only those who use additional technical means purely to track the user.

A login cookie doesn’t require approval, nor do settings cookies.

Only once you start loading Google Analytics, Piwik, Facebook, etc., the law starts to apply.


Does this cookie law only apply to sites that operate offices within the EU? Won't all US-only sites be unaffected?


A guide to blocking the Facebook Pixel

Add the following to your HOSTS file:

https://github.com/panicsteve/facebook-hosts-file-additions/...


Because the law was shitty.

The boilerplate message it allows fails to explain anything. Who is receiving the information? For what uses?

The silly message is expertly conceived by publishers as to fog the reason. Most people in the audience think that is a paranoid warning about first-party cookies, which are perfectly fine.


Plus it's basically too late by the time you show the message... cookies have already been set and sent...


Eh, no.

Tracking cookies and code can only be set and loaded after the user has accepted them.


Interesting. I'm new to this. What do I need to know to make this legal?


Get consent, full opt-in. I think most people just do a "do you accept this page uses cookies? Yes, No, Read more" and on the read more page you specify what you use the cookies for, and how you interact with Facebook.

On top of that you can also start respecting the Do Not Track header sent by some browsers: https://en.wikipedia.org/wiki/Do_Not_Track


Simply, you first present the user with a dialog asking them for approval to track them (and you have to make that explicit), and only once given approval, you actually load the tracking code from Facebook, and interact with their third-party cookies.

If the user says no, well, just redirect to Google, or something – but you can’t load or set that tracking data before the user has clicked "Yes, I agree", and you can’t hide the fact that users are actively tracked in the ToS or somewhere.

If you don’t care about breaking European law, you can just leave the tracking there, never asking the user, but, well, you’re breaking European law then.
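
The flow described in the comment above (ask first, load the third-party code only after "Yes, I agree"), sketched as an added example that is not part of the original thread. The names `createConsentGate` and `memoryStorage`, the `tracking-consent` key and the tracker URL are hypothetical; honouring Do Not Track follows the suggestion made earlier in the thread.

```javascript
// Added example: consent-gated loading of a third-party tracker.
// createConsentGate, memoryStorage and the storage key are hypothetical names.
function createConsentGate({ storage, doNotTrack, loadTracker }) {
  const KEY = "tracking-consent"; // hypothetical storage key
  let loaded = false;

  function maybeLoad() {
    // Load only on an explicit, stored "granted"; DNT overrides a stored grant.
    if (loaded || doNotTrack || storage.getItem(KEY) !== "granted") return false;
    loadTracker();
    loaded = true;
    return true;
  }

  return {
    // Call on every page load: nothing is loaded unless consent was given earlier.
    init: maybeLoad,
    // True when the user has not answered yet and the dialog must be shown.
    needsPrompt: () => !doNotTrack && storage.getItem(KEY) === null,
    // Wire to the dialog's "Yes, I agree" button.
    accept() { storage.setItem(KEY, "granted"); return maybeLoad(); },
    // Wire to the dialog's "No" button: remember the refusal, load nothing.
    decline() { storage.setItem(KEY, "denied"); return false; },
    isLoaded: () => loaded,
  };
}

// Constructed in-memory stand-in for window.localStorage so the example runs offline.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
  };
}

// Browser wiring (tracker URL is a placeholder, showConsentDialog is hypothetical):
// const gate = createConsentGate({
//   storage: window.localStorage,
//   doNotTrack: navigator.doNotTrack === "1",
//   loadTracker() {
//     const s = document.createElement("script");
//     s.src = "https://tracker.example/pixel.js";
//     document.head.appendChild(s);
//   },
// });
// gate.init();
// if (gate.needsPrompt()) showConsentDialog(gate);
```

The tracker's `<script>` or `<img>` tag must not appear anywhere in the served HTML; the only path that creates it is `loadTracker`, and that runs solely behind the gate.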


Has anyone actually been prosecuted for this? I can imagine that in Germany they might follow up on this but elsewhere in Europe I see plenty of sites not informing users.


Actually, yes. And, yes, it was in Germany. And it was in fact for using Facebook tracking pixels and "like" buttons by large newspapers.

Which is why every newspaper then switched to "2-click Like", where the Facebook button is first shown in grey, you click it, it loads the actual button, and you can like.

It was also recently confirmed in a court case from this year (15'000€ fine for using it): http://www.verbraucherzentrale.nrw/mediabig/239773A.pdf


No-one cares about this. The cookie law is dead.


Interesting claim, considering someone has been sentenced to a 15'000€ fine for violating it just this year. http://www.verbraucherzentrale.nrw/mediabig/239773A.pdf

If you want to ensure you don't get fined, I'd rather let the user opt in than risk a legal confrontation.


And you never will get rid of them. Laws are not that effective at changing the internet. It's called the Wild Wild Web for a reason.



