All it takes is strict enforcement. The rules are already there.
Many of the popovers (basically all that you can't easily dismiss without giving consent to anything unnecessary) don't result in valid consent.
Twenty page privacy policies are also questionable: "the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language."
I also hope that the ones that ask for consent with a modal pop-up create a modal pop-up offering you to revoke consent on every page load: "It shall be as easy to withdraw as to give consent."
Strict enforcement of the existing rules is all that's needed. Getting consent is going to be really hard, to the point where web sites may be best of not asking for it, and only doing what they can without processing personal data.
This. I long for the day when regulators pick one high profile target that uses “by entering you agree to [us giving your data to third parties for ad purposes only]” and simply hit them with an enormous fine.
Many of the popovers (basically all that you can't easily dismiss without giving consent to anything unnecessary) don't result in valid consent.
Twenty page privacy policies are also questionable: "the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language."
I also hope that the ones that ask for consent with a modal pop-up create a modal pop-up offering you to revoke consent on every page load: "It shall be as easy to withdraw as to give consent."
Strict enforcement of the existing rules is all that's needed. Getting consent is going to be really hard, to the point where web sites may be best of not asking for it, and only doing what they can without processing personal data.