Downvoted? Must be one of those SEO types
Comment "a" is absolutely correct. While we have some DPA provisions, they count for little in other countries, and if your information is sold on, how many FoI requests would it take to track down any of it?
Comment "b" will be harder to put into law, the way HTML is set up means there's quite a bit of cross-site nonsense on the larger sites. It is much easier to implement blocking as this will work globally instead of on sites within the EU's powers. Note, by the way, that El Reg is currently having google-analytics, doubleclick, quantserve, and intellitxt blocked...
Comment "c" is a practice that should be deemed unlawful, but is likely to fail with the "if you don't like it, don't install" excuse. It is hard to have a secure OS and secure browser, it is harder when companies want to foist crap on you. Maybe mandatory compensation for affected users following insecure code would be a start, though that is a slippery slope that could badly affect hobbyist programmers (who could stand to lose) against giant corporations (who stood the EU's fines and survived).
Comment "d" will never stand up. One of the things I hate about Sky is you pay a subscription and THEN get advertising pushed at you. Like with the adverts in Film4, I think we will have to accept that advertising is a "necessary evil" (it isn't too hard to cut it from MP4s anyway). On the Internet, advertising helps fund sites. I, personally, hope my use and contribution to ElReg makes up for the fact that they won't be getting a penny from me in advertising. I block it all, and even if I didn't, I am way too cynical to click on an advert link. But, you know, somebody has to pay. For the server, for the techies, for the hosting, for the legalness if an article or commentator says something that somebody takes a hissy-fit over. And maybe for a dozen things I've not even thought of. Some people put their content online for free (and advert free) because they are able to (my site is like that, though whether it has USEFUL content is another question entirely! <g>). Some people put advertising on the site to get the bills paid, so effectively the site supports itself. The Russian that did that random-video-chat thing said the itty-bitty four ad links at the bottom paid for the hosting. And some w*nky people see the only value to a website is to "monetize" it in every way possible. You used to get these sorts of people at the local markets, now they're wired. But thankfully, even with adblocks, it is fairly easy to spot these sites. The amazing thing is RARELY does such a person have content you can't find elsewhere - a lesson Big Mr Murdoch might want to consider learning.
Point "e" makes sense, but the problem is while it might *technically* be possible to depend upon the display of adverts in order to supply content (I have, on some streaming video sites, been told I must turn AdBlock off, which I am happy to oblige... NoScript catches the nasties!), the biggest cause of headaches is web developers that really should go back to HTML3.2 -safe sites, for they are living in a Flash/script/HTML4/CSS2 world with a hundred toys and no real clue how to use any of them. I saw a low-budget horror (hah, barely...) film once that was produced entirely digitally. The director probably came in his pants reading the instruction manual, and the result? A mess that used probably every effect available not for artistic reasons, but more because they could. Some websites are like this, too.
Let me add: f. The right to demand that a name/address be removed from the company's existence, no more mailshots and not surreptitiously sold on...
g. Penalties for unwanted advertising (specifically spam) take place at point of reception, not point of origin, thus we can file claims against spammers. Spams are trying to push something, so spams with mangled trace information/headers should be treated as intentional fraud on the part of the spammer, and if the trace information simply isn't available (i.e. botnet output), then the company of the product spammed should assume liability.
h. A revision to option "c" - if YOU choose to install a program on YOUR computer, then YOU assume responsibility for its operation. However, if a company REQUIRES you to install anything else on YOUR computer, THEY assume responsbility for it (even if it is not directly their product; like Adobe pushing McAfee, Adobe should assume responsibility if McAfee was not opt-outable). This extends to, but is not limited to, full technical support for repairs if said pushed software fails (re. recent McAfee update balls-up, it would be valid to claim for technical support to get it fixed, mileage/transport, plus quantifiable loss of earnings (i.e. if you earn 31k/month and it takes you two days off of your work to reinstall/reconfigure everything, then 2k for 2 days is quantifiable). As THEY pushed the software, the onus is on THEM, not you. [at least in the case of Adobe, you HAVE a choice...]
i. There should be a master repository of email addresses (looked up by a one-way hash, not the address itself). So when somebody signs up for a service, they can hash the address and look it up to know if you have registered with the repository to state that you do NOT want your contact details passed around. The problem is getting this to have any effect at all outside of the EU.
j. There needs to be effective blocking to counter the US Patriot Ac re. data held within a company that may pass it though US jurisdiction. That pissed all over any attempt at privacy, and it is up to the EU to attempt to sort this out (for our own governments have proven woeful at anything remotely resembling privacy). Ditto bank information/flight information. Either this detail is a necessary act of anti-terrorism in which case ALL such information (without restriction) should be available, or it is a data harvest scam. The one-way nature points to the latter. This might not sound Internet related, however if you run Flagfox, you might be surprised at where some websites turn out to be. And if said website has a form that asks you for personal information...
k. Final one - various accessibility laws protect the rights of individuals who are blind, deaf, etc. How about an accessibility law that mandates that if a company's sign-up form specifically ASKS you to select your country, it MUST NOT require a valid zip code. You have NO IDEA how many companies have lost my business because I tell the form I'm living in France, and it tells me my postal code is incorrect. I once tried to fool it with 90120 and it asked for a state. I told it the code for California, and it said that was not a valid address in France. WTF? If it knows I'm in France, why does it insist upon a US zip code? Are web designers THAT stupid? [rhetorical question, don't answer...]
l. (not internet directly) but we really ought to, at school, educate children to the basic principles of privacy - in other words, don't autoblather every thought you have on Facebook and/or Twitter...