It's fine to debate what exact policy is the best, but it's not productive to just dismiss all regulation as bad because some are inconvenient.

FWIW, the only reason cookie banners are annoying is because the sites intentionally made it that way to bully you into allowing 3rd party cookies. EU regulations allow a site to not have banners if 3rd party tracking is opt-in. They could easily do it via a separate settings page. They only chose the banner because they want you to keep tracking cookies on and the annoying banner results in a higher rate of people agreeing to be tracked at the cost of annoyance (which is somehow respun to be directed to the policy not the site owners). Imagine if every time you enter a business you were asked to sign a liability waiver. That's what cookie banners are.

(You do not have to have a banner if all the cookies you use are first party "essential for functionality" cookies)

The problem is that it's insane to leave all of this for the website to implement correctly. It's a UX nightmare and it opens the door for a company to game the system, secretly ignore my privacy setting, etc. The EU solution is, of course, to turn a technical problem into a legal problem. Sue the company if their "Allow" button is too big or it doesn't work as advertised.

It should be a consistent browser-based preference that makes it impossible for a website to do something that I told it not to do. The problem with that is it requires innovation because cookies have inherent privacy design flaws. When you can't innovate, legislate.

> The EU solution is, of course, to turn a technical problem into a legal problem.

As a regulatory body, what else can they do...? In fact, I actually see this as a good thing.

You should think of regulation as an abstraction, an interface, a contract, that defines only a desired outcome (in this case the idea that 3rd party tracking should be opt-in rather than opt-out or non-opt). The details are then left to private entities to implement.

In fact, had they defined it to be say a browser feature or any other specific implementation, it would be strictly worse. By legislating the abstract concept of 3rd party tracking consent, they are leaving open the door to innovation. The idea is that if someone can come up with a better way of collecting consent in terms of UX, while still guaranteeing the same level of consumer protection, then they should be able to outcompete worse implementations.

The law does not require banners per-se (instead requiring affirmative consent before tracking can commence), nor does it require any button size (instead requiring that features not requiring tracking not be gated behind the consent wall and that certain consent outcomes shouldn't be favoured as a part of the UI). What we have is only that way because innovation is not that fast and the motivation to innovate here isn't that high (yet) --- banners are easy enough to implement and not so egregiously bad as to turn away users.

Yes, they should have just elevated the Do Not Track flag to legal status. If the flag is on, tracking cookies forbidden. Easy. It would have solved the cookie banner problem entirely. Some browsers have already removed it but I'm sure they would have put it back of the EU actually made this feature useful.

I don't know why they didn't use it in the law. Probably advertiser lobby because it's much easier to coerce the user into agreeing when they control the process (dark patterns)

Web developers’ deciding to use cookies, knowing the regulation exists, is why you now have a cookie banner on every website you visit.