Just as an thought experiment: What would happen, if legislation would make it mandatory for cookie layers to accept the DNT header (Do Not Track) [1] as input and forbid to ask the user if such a header is present?
Like
DNT: 1 == no cookies, except technical required cookies, like sessions
DNT: 0 == accept all cookies
If you don't like repurposing the DNT header you could also imagine introducing a new header for this purpose.
https://geizhals.eu/ is one of the few websites I know which automatically respects DNT settings. Small info notifications informs me about my do not track settings and is closed automatically. With DNT = 0 they ask if it's ok to set cookies. I agree, that with DNT 0 they shouldn't be required to ask.
I kind of like the idea, but fear this would not be viable for two reasons - although interestingly they are somewhat opposed:
1. DNT’s already failed as a opt out since less scrupulous actors either ignored it, or used it an an extra tracking signal (!)
2. More scrupulous actors would likely take the view that DNT can’t express adequate consent for tracking (no granularity or evidence of informed consent to privacy policies).
Like
DNT: 1 == no cookies, except technical required cookies, like sessions
DNT: 0 == accept all cookies
If you don't like repurposing the DNT header you could also imagine introducing a new header for this purpose.
What would happen?
[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/DN...