The entire thing has been performative regulation.
Did asking honest businesses to restrict how they use cookies protect users from invasive tracking? Nope. Data brokers simply employed other methods or bent the "legitimate interest" exception.
Did all websites provide a single button to reject tracking, with equal prominence and proximity to the accept button? Years on this is still rare, despite being the rule.
Did data brokers find new ways to obtain the same data? Sure did and more.
Was the end result a disproportionate burden on users, including those not even in the EU, while not delivering the intended benefit. Sure is.
Do entire websites, particularly those in the USA, simply geo-block all EU countries. Yep.
Did European-based services and news websites switch to a "let us track you or pay now" model. Yes.
Did data brokers exploit the EU's inability to police the matter by incorporating dark patterns, artificial pauses, and obnoxiously long lists to stymmie user's attempts at refusing tracking? Yep.
Did bad actors ignore the regulations. Yep. Was the EU toothless to stop that? Also yes.
So what did happen?
Instead developers of web browsers incorporated anti-fingerprinting technologies to negate the problem, a part of browser development that continues to be an on-going arms race.
Did asking honest businesses to restrict how they use cookies protect users from invasive tracking? Nope. Data brokers simply employed other methods or bent the "legitimate interest" exception.
Did all websites provide a single button to reject tracking, with equal prominence and proximity to the accept button? Years on this is still rare, despite being the rule.
Did data brokers find new ways to obtain the same data? Sure did and more.
Was the end result a disproportionate burden on users, including those not even in the EU, while not delivering the intended benefit. Sure is.
Do entire websites, particularly those in the USA, simply geo-block all EU countries. Yep.
Did European-based services and news websites switch to a "let us track you or pay now" model. Yes.
Did data brokers exploit the EU's inability to police the matter by incorporating dark patterns, artificial pauses, and obnoxiously long lists to stymmie user's attempts at refusing tracking? Yep.
Did bad actors ignore the regulations. Yep. Was the EU toothless to stop that? Also yes.
So what did happen?
Instead developers of web browsers incorporated anti-fingerprinting technologies to negate the problem, a part of browser development that continues to be an on-going arms race.