Am I going to have to check that Personal Information notice every time I want to log on? Seems unnecessary given that once should be enough. But every time?
Yes because privacy has to be accepted before we collect any data from users, so when you open OSM page, we've no idea about which user is doing it and if he has accepted privacy before.
When users doesn't log out neither clear temporary files, there's a record on the browser that links user to OSM and that let us know that this user already accepted it and no need to ask again. If they logout or clear temp files, we've no idea about user, so we need to ask user to accept.
If we place this check after user login (or account creation), we already collected info from user and he may not want us to collect it.
Bottom line, to not be asked again, users shouldn't logout neither clear temp files!
Not a bug. It's by design and there's no other way to do it!