IMO the only good thing is it made people aware of what's happening with their data online. But then we are still tracked, the web experience is much worse, SMEs got another "screw you" from the regulator by increasing their operating costs to comply with this and big companies who were to blame for this in the first place found ways to bypass it because they have access to strong legal expertise.
I think the GDPR creates benefits in more areas than you may be aware of.
For example I used to work for a hosting provider. An admin noticed that one of the hosted customers had customer data exposed to the internet without a password. Due to the GDPR he was forced to contact the customer about it, or our company could be held responsible (since we knew about it).
That law is at least an attempt to fix an existing problem. So this is like blaming someone who made a subpar raft for the flood that required the raft.
I'm with you, these prompts are garbage. But they are better than no prompts, because companies are greedy af and they will track. Fixing that is a much larger issue than the bandaid of law.
The GDPR is on the whole a very successful law which has improved the way companies handle personal data a great deal.
What you are objecting to is specifically the part of that law which mandates consent for gathering personal data, and which resulted in these cookie banners. That's annoying (mostly because a lot of media companies rather continue hovering up data instead of critically assessing the need to do so), but it doesn't invalidate the better parts of the GDPR. Calling it a complete failure is unnecessarily hyperbolic.
Also the Cookie Banners work, I have installed multiple, and Google Analytics has become completly useless. We now see from stats that only ~20% people accept Google Analytics tracking. This has lead to new market of trackers that doesn't require banners, for instance based on User agent and IP hashing from logs.
What is unfortunate that law puts the onus on implementing the dialog for individual sites, it should be feature of browsers. This way users could enforce from browser settings that they don't want to be tracked.
Consent is only one way for obtaining a legal basis under the GDPR.
And the consent banners are industry's own inventions. They could have honored do-not-track and be done with it. Instead, they opted for these dark patterns.
It's the classic corporate dark pattern to undermine regulations.
Choose the most disruptive, asinine way to comply with them. Then argue that the regulation is at fault, and lobby to have it removed.
For example, there's been plans recently in Norway to tax the salmon farming industry more heavily. The response from the industry has been to pretend that this will completely decimate the industry(we'll have to fire tons of folks to protect our massive profit margins hurr durr), which the numbers don't seem to bear that out. But now they've managed to convince the workers and they've been protesting to "protect their jobs" when they're actually just being used as pawns to protect a billionaire from taxes.
There's 6 legal basis under GDPR, but that's irrelevant for cookies (or anything that allows you to store or retrieve information on the user's device, really), because they're covered by the older ePrivacy directive. If a cookie is not “strictly necessary”, consent is required.
