Kill the Cookie Consents

Europe’s cookie law messed up the internet. Brussels wants to fix it.

The European Commission wants to take a bite out of privacy rules that force websites to run cookie banners.

POLITICOEllen O’Regan

Something I think about on nearly a daily basis is how much time I've wasted of my life clicking away cookie banners. Sure, it's a few seconds here and there, but those add up in aggregate. And I, like everyone who lives in Europe, am doing it many, many times a day. Every day. And some have been doing this for over 15 years now...

And it's actually worse than tedious or time-wasting, it actually does the exact opposite of what the intent was: to make people more mindful of their privacy and give them more control. No one reads these anymore, no one. I see you piping up, privacy person... No one. No one. No one. No one.

European rulemakers in 2009 revised a law called the e-Privacy Directive to require websites to get consent from users before loading cookies on their devices, unless the cookies are “strictly necessary” to provide a service. Fast forward to 2025 and the internet is full of consent banners that users have long learned to click away without thinking twice.

“Too much consent basically kills consent. People are used to giving consent for everything, so they might stop reading things in as much detail, and if consent is the default for everything, it’s no longer perceived in the same way by users,” said Peter Craddock, data lawyer with Keller and Heckman.

The better way to do this, obviously, is to set such consents at the browser level. Once. Not every day, multiple times a day, for over 15 years. If a user wants to change something, let them change it in settings. And maybe there can be a browser setting to remind people of their privacy/cookie settings once a year or some other time interval that a user sets, if they care.

Most users, of course, do not care. Which I know makes these privacy people sad, but it's reality. And we've lived under their thumb for far too long.

Cookie technology is now a focal point of the EU executive’s plans to simplify technology regulation. Officials want to present an “omnibus” text in December, scrapping burdensome requirements on digital companies. On Monday, it held a meeting with the tech industry to discuss the handling of cookies and consent banners.

A note sent to industry and civil society attending a focus group on Sept. 15, seen by POLITICO, showed the Commission is pondering how to tweak the rules to include more exceptions or make sure users can set their preferences on cookies once (for example, in their browser settings) instead of every time they visit a website. 

This is so obvious that you have to assume it's not going to happen simply because it has been obvious for the past 15+ years and yet nothing has changed. Because Europe is going to Europe, but especially when it comes to anything having to do with tech.

I complain about this every so often – and even go viral on this topic every so often.¹ And each time, many people respond with a range of services – mostly browser extensions, but some apps too – that auto-dismiss such pop-ups. The problem here is twofold: first, which they work sometimes, they certainly don't work all of the time. Second, 99.9% of users will never use/install such tools. This needs to be changed at the EU level.²

¹ And yes, I know – thanks to about 2,000 replies – that it's not technically GDPR that mandates these pop-ups (well, not always, anyway). But humorously, one proposed change here is to put these consents under GDPR... ↩

² Also, while as you may have heard, the UK left the EU some time ago, one upside of that change was remarkably not doing away with this cookie consent nonsense. The banners are alive and well in the UK... ↩