> Surely there are solutions that don't require a popup on every webpage you visit? For example enforcing no tracking by default for advertising purposes?
Wait, what? There are such solutions. GDPR, and the "cookie law" before it, don't "require" any popups.
They allow cookies, 1x1 pixel images, browser fingerprinting, Flash supercookies, browser local storage, etc. without any need for stupid popups... as long as that's required to implement the site's functionality. Consent for these things is implied by the user's use of the functionality (e.g. game scoreboards, saving word processor documents, keeping track of a user's shopping cart, etc.).
What these laws do require is that handling such personal data without such implied consent, should require explicit consent. This acts as a disincentive for sites who want to continue spying on their visitors, by forcing the UX to be more annoying and dissuade visitors from staying.
> the only practical significant impact is that browsing the web has become more annoying.
Sounds like the dissuasion is working. Hopefully that is causing spyware sites to receive fewer visitors (and perhaps revenue), and potentially rethink their decisions.
Most people hate the UX change but don’t care about the privacy so probably a net loss for the EU.
It clearly isn't. Vast majority of people (me too) are trained to automatically accept whatever cookie BS the website asks for, just to get rid of the popup as quickly as possible and get to content. And no, these "spyware" sites such as reddit.com or bloomberg.com won't switch to non-tracking ads to get rid of the popup.
for reference there are at least 2 parts that make this outcome true:
“Consent must be freely given, specific, informed and unambiguous ... Any element of inappropriate pressure or influence which could affect the outcome of that choice renders the consent invalid”: a default choice if “i agree” is influence
“The withdrawal must be as easy as giving consent”: if you hit “i agree” in a box that automatically pops up to give consent, there must be a withdrawal mechanism that’s as easy as that to withdraw (and then they must delete your tracking data)