Yeah, the cookie law was a false start. Laypeople don't care about the exact technical implementation (e.g., session cookies vs. persistent cookies vs. local storage vs. browser fingerprinting).
What I care as a EU citizen: Are you collecting and storing information that can directly or indirectly identify me? Yes, tracking and profiling are included in this.
You want to store some session cookies, so you remember my shopping cart? Go ahead!
You want to store some cookies, so you remember I was logged in? Sure!
You want to use every available technological loophole to follow my every path on the Internet? Errrr, no thanks!
I think the cookie law is somewhat meah, but I feel GDPR is pretty future proof. I don't expect GDPR to change a lot, rather our application of it (so-called ECJ recitals) will evolve.
What I care as a EU citizen: Are you collecting and storing information that can directly or indirectly identify me? Yes, tracking and profiling are included in this.
You want to store some session cookies, so you remember my shopping cart? Go ahead!
You want to store some cookies, so you remember I was logged in? Sure!
You want to use every available technological loophole to follow my every path on the Internet? Errrr, no thanks!