A better option would be to just make tracking illegal, and heavily fine companies that are found to be doing it. And make it strict liability, so intent doesn't matter.
I know we all have our pitchforks out, and I hate tracking as much as everyone else here, but "tracking" is a very broad term, and is not always malicious. Unless you want to outlaw access logs, for example.
I see nothing wrong with outlawing access logs. They were invented and standardized at a time when the IP address field did not map 1:1 to the building in which you and your children sleep.
Which is why it should be defined in the law. The GDPR and the ePrivacy directive define what counts as tracking and what is acceptable. See for example:
That's reasonable. Could also decimate the adtech industry and cut them down to just serving ads based on keyword searches and location, like they did 20 years ago
> A better option would be to just make tracking illegal, and heavily fine companies that are found to be doing it. And make it strict liability, so intent doesn't matter.
I don't think it's that easy though. The "just" is doing a lot of work in there. Consider:
Some websites have login with third-party credentials. It doesn't matter that you choose to use these for convenience, because intent doesn't matter, and it is a fact that both the Service Provider and the Identity Provider are tracking you. IdP knows which sites you are logging in to, and SP knows and stores your third-party identity (they might say they need it to know which account you're logging in to, but like I said, intent doesn't matter).
Hacker News is currently tracking me. They might say the cookie is needed for session stuff to work, but intent doesn't matter, and it is a fact that the cookie uniquely identifies me.
My web browser is tracking my mouse position. Mozilla might say they need it for styling stuff to work, but intent doesn't matter, and it is a fact that Mozilla's software is tracking my mouse position in real time (let's not even talk about browser history).
Your browser cache might have two HN posts where my comments appear. If that's the case, then it would be a fact that you are tracking which posts I am commenting on. Intent doesn't matter, so hopefully you're not a company (tracking is fine if you're an individual though (based on the quoted text)).
/s
Hopefully this ride down the slippery slope illustrates some subtleties, at least without a very precise definition of "tracking". But then again, if the definition is too precise, there's gonna be loopholes in the letter of the law; in that case we might say that we should also consider the spirit of the law, but "intent" is part of that.
I can dream...