1033
European Union set to revise cookie law, admits cookie banners are annoying
(www.techspot.com)
This is a most excellent place for technology news and articles.
That is actually really close to what is present now. The EU never said "use cookie banners" but rather "if you really want to track people, they have to say yes". And most commercial websites decided to make it hard to say no, now everyone blames the EU for doing so. Your second point is not yet implemented, this would be really good for consumers.
They never should have made opt-in an option in the first place. All the legitimate reasons to store data are already permitted without asking permission (required for the site to function, or storing data the user specifically asked the site to store such as settings). All that's left is things no one would reasonably choose to consent to if they fully understood the question, so they should have just legislated that the answer is always "no". That plus a bit more skepticism about what sites really "need" to perform their function properly. (As that function is understood by the user—advertising is not a primary function of most sites, or desired by their users, so "needed for advertising to work" does not make a cookie "functional" in nature. Likewise for "we need this ad revenue to offer the site for free"; you could use that line to justify any kind of monetization of private user data.)
There is a fine and impossible to hit line that businesses have their own interest of surviving and should be able to use data. Like making better suggestions or tracking whether certain changes in their homepage work. This is not required for functioning but vital to companies for succeeding and giving you a better product. However, this should only be done on one site at a time, cross-site tracking oe fingerprinting is what sucks and allows data brokers to exist in the first place.
No lawyer can hammer into law, what a site needs to function, as it differs by site and is flexible in what people think is necessary. But your examples are good in that they show how sites go way too far to justify their over-the-top tracking. Maybe there really is an easy way to write it in "legalese", but I don't see it yet. But I am fully on your site, the current behaviour and practices are bad and unclear for customers.