The lack of technical details was a good one. The pop ups was the solution the industry chose.
They could have gone with the do not track header, but they didn't although they still could and it would be okay within the concept of the law which just requires consent for tracking.
I agree, and nearly everyone on this forum could come up with a better technical solution. I'm not familiar with how the GDPR came to be, but presumably they had technical advisors, and still took this approach. Maybe it was due to corporate pressure, maybe incompetence; we can only speculate at this point.
I'm hopeful that the laws will keep evolving in response to citizen needs, but I'm still glad I have some control over the data companies have on me, however limited that may be.
They could have gone with the do not track header, but they didn't although they still could and it would be okay within the concept of the law which just requires consent for tracking.