In addition to taking whatever technical measures you are taking, if you're in the EU, consider also grabbing one web site that has a particularly bad consent flow (e.g. a dozen clicks to not get tracked, or a "click or scroll anywhere to consent"), and report them to the appropriate DPA.
The DPAs often only work off consumer reports.
You need to know that these popups are a result of two separate laws: The ePrivacy directive aka Cookie Law, and GDPR. GDPR is enforceable one that you care about. A web site can process your data (e.g. for personalized ads) for one of the explicitly given reason, the most common ones being "legitimate interest", "fulfillment of a contract" and "consent".
There have been a couple recent statements about what counts and doesn't count as legitimate interest, fulfilling a contract, and consent.
You also have the right to ask the controller of the data (not the processor) for a list of data stored about you. Try it with one of said web sites! Make a clean cookie jar, use the site and only the site, send them the cookie jar, and see what data they store. (If they don't, file a complaint with the DPA)
The DPAs often only work off consumer reports.
You need to know that these popups are a result of two separate laws: The ePrivacy directive aka Cookie Law, and GDPR. GDPR is enforceable one that you care about. A web site can process your data (e.g. for personalized ads) for one of the explicitly given reason, the most common ones being "legitimate interest", "fulfillment of a contract" and "consent".
There have been a couple recent statements about what counts and doesn't count as legitimate interest, fulfilling a contract, and consent.
You also have the right to ask the controller of the data (not the processor) for a list of data stored about you. Try it with one of said web sites! Make a clean cookie jar, use the site and only the site, send them the cookie jar, and see what data they store. (If they don't, file a complaint with the DPA)