Additions to the cookie party
At it’s very core, the ability to turn all cookies off is a must. The option to have cookies turned on on a per-user basis will be pretty important too. The JS option, whilst it works well for Google Anlytics, may be too specific to allow the widespread control of EE’s core and 3rd party cookies.
Beyond that, the option to allow some cookies and not others would be especially useful as eCommerce shop carts need these to handle their contents. Blocking a user’s access to a site pending their acceptance of cookies won’t work for someone like Facebook who can make those demands (yet ironically are the very sites that need more privacy control exerted over). For a small business however, putting up such roadblocks to access is too damaging. Conversely, killing all cookies regardless is, as Michael Barker put it, “overkill” - this will also lead to a hampered user experience as cookies are now no longer able to be used for otherwise legitimate uses.
If it's not in EllisLab's remit, I’d like to see some bright EE dev come up with a plugin that can either work on it’s own or integrate with something like CookieControl to handle the turning on and off of all cookies that start with exp_. The option to make certain cookies exempt (such as the exp_cmcartid cookie used by the excellent Expresso Store module, and used on the Very Delicious Cheesecake site we did recently) would also allow the exemption of essential cookies from it’s control.
So there it is clever ExpressionEngine developers - anyone feel up to the task?!
I’d wager there’s a unlimited site use license in there for someone who cracks this particular piece of legislative hassle. I know I’ll need to go back to all our clients, explain this legislation and then spend some time updating their site to ensure compliance.