> and less annoying for users.

You seem to be inverting cause and consequence: it's the websites who are annoying to the users, not the law. The banner is optional, it only exists because websites want to collect your private data, not even to make the thing work.

> Or the regulation could've been amended to clarify and improve the technical aspects.

The regulation has been clarified to mean something important: refusal must be as easy, visible and doable as acceptance, so people can click "refuse" everywhere. Lack of acceptance mean refusal, so people can close the banner.

> You seem to be inverting cause and consequence: it's the websites who are annoying to the users, not the law.

No, I mean that the law could've been written in a way that makes giving consent less cumbersome for users. I agree with GP: if it had been a browser setting that websites _must_ comply with, like the abused and now dead DoNotTrack header, then we wouldn't have ended up with annoying consent forms to begin with. After all, it does make sense for this to be a global user preference, rather than something the user needs to consent to on each site. Even without getting into technical details, this should be evident to anyone.

I'm not aware of why this didn't happen, or why the DNT header was killed, but it wouldn't surprise me if the (ad)tech industry strongly lobbied against it, and won. The internet loves to criticize this oversight as incompetence from politicians, but politicians couldn't have elaborated the technical aspects of the law without IT consultants, and these surely understood what could be the implications. The fact they went with the consent form approach, and the fact this hasn't been rectified years later, is probably a sign that the tech industry still has considerable sway in regulatory matters.

But to blame this situation on the law itself, or the EU, is just delusional. I'm still happy it exists, warts and all.

But nothing prevents browsers from doing so ! In fact you can even configure your browser to never show those popups, and everything is fine. Everytime I switch people over to Firefox I install ublock origin and the list that blocks cookie popups: https://jasonmurray.org/posts/2020/cookies/ (there are even more settings to block even more popups today)

Actually Google is seeing the wind turn and is slowly moving away from cookies, so it did even better than what you wanted: it will effectively kill (unnecessary) cookies as a whole.

I have no issue believing lawmakers did in fact take advices from IT experts, seeing how they could make the difference between useful and unuseful cookies. But the law never goes into implementation details, that's another level of regulation, and the real effect is coming: the major browser will block third-party cookies. That will change everything.

You have clearly not seen the amount of people who click "deny all" or "only statistics". Before the GDPR _everyone_ had to accept _everything_ a website sent their way and didn't have a say in it, after the GDPR only 33% of people click "accept all" on the cookie banner for the fairly large e-commerce site I work at.

If the goal of the GDPR was to train people to click "Agree" and to legalise data collection, then that law was an abject failure.

How do you know that only 33% click accept all if you are not meant to track those who deny?

That said 33% of consent, legal to be sold is better than 100% of gray area.

Before GDPR you didn't have explicit consent and you still could be on the hook for trading personal data.

The system is working as intended.

> How do you know that only 33% click accept all if you are not meant to track those who deny?

Without tracking it's easy to:

a) compare the total number of visitors vs those who accepted tracking

b) just increase a counter for each "No"

> The cookie regulation was designed to train people to "Agree" without reading.

That's a cynical take. In reality, companies took advantage of the loose technical language to do the least possible work to comply with the law, while doing their best to implement dark patterns to confuse the user into clicking "Agree". This is something that can be improved with stricter regulation, but it will always be a cat and mouse game.

> It was a prerequisite step for GDPR that was designed to legalise data collection and trading.

Another cynical, and also false, take. The GDPR wasn't "designed" for that. In fact, it actively tries to prevent it. An EU citizen can contact any company in the EU and demand to access all their personal data, or for it to be deleted. This is an unequivocal win for people to regain control over their personal information.

Is this the best that governments can do? Certainly not. I'm still glad that at least something exists, and the tech industry is not entirely unregulated, as in most other parts of the world.

> These are corrupt laws

No. These laws are a step in the right direction. Unfortunately, the strong influence and rapid pace of development of the tech industry means that governments will always play catch up, even when they want to pass laws that protect their citizens.

> most people blindly believe EU is good and totally not in bed with big corporations.

Citation needed. Name me a government that is not in bed with Big <industry>. Big Tech in particular is in strong symbiosis with governments, as they both share some common goals. So, sure, there's that. And yet despite of it, the EU still passes laws that fight Big Tech's reach, and fines companies when they don't comply. Can it do better? Sure. But name me a government on Earth that does a better job at this than the EU.

We don't need to get political here. But it's foolish to spew cynical takes when some governments are at least trying to fight Big Tech, and even more foolish to imply that their attempts are making things worse for its citizens.