> And what would the language you propose look like for this legislation that doesn't have loopholes, caveats, etc for people to get around once the lobbyists are done with it?
It already exists - it's called GDPR. It deals with the root cause of this design pattern which is collecting data about clients secretly. It's enacted in the EU and it's excellent. It's not perfect - there's still some oddities and extra work for implementers (and the 'accept cookies' on every page thing is a faff for users) but the overall effect is extremely positive.
Lax enforcement is a separate issue from saying it's not possible to even write a useful law in the first place. Both are needed but the rules need to exist before we can even consider enforcement mechanisms.
It already exists - it's called GDPR. It deals with the root cause of this design pattern which is collecting data about clients secretly. It's enacted in the EU and it's excellent. It's not perfect - there's still some oddities and extra work for implementers (and the 'accept cookies' on every page thing is a faff for users) but the overall effect is extremely positive.