The cookie law is very flexible. It considers any and all ways in which the user makes their intent explicit as good enough.
The issue is that websites want to annoy users until they finally maybe actually say yes to get the site to shut up.
Legally, tracking has to be off by default, tracking may not change the usability of the site, and tracking has to be purely optional, and the "no" has to be simpler, larger, and easier to use than the "yes".
The point of the GDPR, over the course of the next years, is to utterly destroy online advertising as a business model, and any and all tracking solutions with it.
The issue is that websites want to annoy users until they finally maybe actually say yes to get the site to shut up.
Legally, tracking has to be off by default, tracking may not change the usability of the site, and tracking has to be purely optional, and the "no" has to be simpler, larger, and easier to use than the "yes".
The point of the GDPR, over the course of the next years, is to utterly destroy online advertising as a business model, and any and all tracking solutions with it.