Do you accept cookies? Anyone who has been using the web for more than a few years has probably noticed the proliferation of “cookie consent” language on banners and pop-ups across almost all websites. This isn’t just a coincidence; it is a response to a change in European law. The European Union’s General Data Protection Regulation (or GDPR) and the related ePrivacy Directive (sometimes called the “Cookie Law”) require that websites obtain and record user consent before tracking activity using the small bits of embedded website data called “cookies.”

The GDPR certainly has flaws, and it is by no means a complete solution to issues of online consumer privacy, but it is a unified system of privacy regulation in the EU “purpose-built” for the Internet—something that does not exist in U.S. law.