I'm semi-seriously considering launching an EU citizens' initiative to fix this. Here's how it can work: The EU directive responsible for the cookie popups is (afaict) 2009/136/EC, par. (66). It says cookie acceptance can be a browser setting but does not give details. The EU initiative could extend this to say web operators must respect the "Do Not Track" header.
Do Not Track is a special header that browsers can send to say "I don't want to be tracked" or "I agree to being tracked". It already exists in some browsers - but hardly any web site honors it. If the EU directive would mention that DNT must be honored, then web sites would have no further need to display their consent popups when the header is set.
My problem is that such an initiative would likely require a huge time investment. It needs 1M signatures. That would likely be very hard work.
If the response here is overwhelmingly positive, I might be more inclined to throw myself at this problem. Please upvote or comment if you think this might be worthwhile.
Besides, recent iterations of the cookie banner are (supposed to be) more than just an ok button - they are supposed to provide an opt out mechanism for all non-required tracking. See, for an example, theguardian.com
I don't think a citizen initiative will be likely to succeed as the regulation has been in the works for a long time and will probably be passed in one form or another, and I really doubt the EU would want to amend the handling of cookies a third time.
BTW I develop an open-source CMP (https://github.com/kiprotect/klaro) and the problem is a bit more complex than honoring the DNT header, as the user needs to grant or decline his/her informed consent for all non-essential third-party services. In the long run I think this functionality should be implemented directly in the browser, but again this will require more than a single header IMHO.
Would the EU directive also mandate there be no consent popups? Otherwise they'll probably remain and annoy people, even if they are mandated to follow DNT.
The default should be to only allow the basics for a cookie. And if the user wants to opt in for sharing all their data, a specific page for that should be present.
It is more an issue for me at least that it fucks with my intelligence somehow.
Of course I do not want to share my data with anyone and at the same time don't try to fucking trick me to hit the "all cookies" button.
I am absolutely furious about it.
My email address is bwbbwb@gmail.com.
You propose to make web protocols/standards and national laws tightly coupled for the long run, to solve a usability problem in the short run. That's the wrong hammer for this delicate ceramic vase. Can you imagine what it would take to evolve web standards if they have to do so in tandem with the laws of dozens of different countries? If the law says cookie acceptance can be a browser setting without giving details, that's not too little detail. Even mentioning cookies might be too much detail for a law.
I am annoyed too, but I direct my annoyance at the entity that made the wrong usability and privacy decision, which is the organisation behind the website in question. Website owners (should) have every incentive not to annoy their users. Designing websites without cookie consent pop-ups is possible, legal, and a competitive advantage. As a user, removing the pop-ups automatically is also fairly simple. Let it play out. It's gotten worse before it gets better, but I believe GDPR is ultimately a force for good.