I certainly agree that those points are a great start and should definitely be considered within a User Requirements Document.
If WordPress is to remain publisher-friendly, they should be core functions managed via the admin menu. Aside from catering to technically unsavvy publishers, this will also cover all angles systematically (eg including registrations originating via the Meta widget).
Cookies and existing users
Another requirement arising from the EU cookie law is that publishers (and therefore WP) must gather opt-in consent from all previously registered users. Simply updating a site's Ts & Cs won't suffice:
WP must also address this via core functionality. I can't speak to the best technical solution, but it may involve placing (with consent) an additional "cookie consent storage cookie", so users don't have to be asked every time they come back to the site.
Whether and how WP chooses to address the issue of managing cookie consent for plugins will depend upon its level of interest in meeting the needs of developers, publishers and end users (which will, in turn, impact upon the willingness of publishers and end users to keep using it).
> Is it best to require all plugin developers to replicate (possibly in myriad different ways) coding that seeks consent to receive cookies? Is it efficient in coding terms? Will it look good at the front end? How can plugin-related consents, including the ability to opt out of each individually in the future, best be managed?
> Do publishers want end users to be presented with intrusive requests for cookie consent from multiple plugins at multiple points during their user experience?
> What would the best overall legally compliant solution look like from an end user's perspective and to what extent does WP wish to enable publishers to deliver this?
Rather than just identifying and addressing the bare minimum that WP needs to do, wouldn't it be best to identify how WP can provide the tools to provide an overall solution?
Why not tackle the issue in a way that creates a selling point to European publishers? You can imagine a tick list of features:
"WordPress enables full compliance with the EU Cookie Law:
- No manual coding or template changes required
- Admin menu-driven cookie consent management for core WP features
- Admin menu-driven cookie consent management for WP plugins
- Single stage end user cookie consent collection (tick list of cookies with summaries of related functions)
- End user cookie consent control panel (view and change consents on a per-cookie basis at any time)
- Automatic disabling of plugins based on end user consents
- etc, etc... "
This isn't meant to be an exhaustive or prescriptive list - just an idea of how WP's response to the introduction of this (ridiculous) law could be turned to its significant benefit. Why not grab that first mover advantage while you can?