Two years ago, I told my friend Piotr Korzeniowski that consent banners would disappear within five years. As the CEO of a Consent Management Platform he obviously disagreed. My prediction still has three years left, but I am more convinced than ever that their days are numbered.

A recent Politico article: Europe’s cookie law messed up the internet. Brussels sets out to fix it (known as the Omnibus revision) nicely summarises why reform is finally on the table—though I take issue with its headline. The EU did not mess up the internet’s user experience.

The real culprits? The big browsers.

Their refusal to implement a centralised privacy setting doomed us all to the Accept All / Reject All circus. A simple, user-level preference—set once and applied everywhere—would have solved the problem.

But that was too restrictive for the big adtech and martech giants eager to collect every scrap of data they can legally get. Instead, Google and Microsoft dumped the burden of consent onto individual website owners.

Maybe their plan was that users would simply become “banner blind” and simply take the quickest path to just make the pop-ups go away i.e. click Accept-all.

That is how we landed in this UX/pop-up quagmire. But the good news is, the EU Commission is eager to now fix this.

The ePrivacy Directive’s Troubled Path

When the ePrivacy Directive was due for revision, it fell victim to two extremes:

• Hard-line activists who see all data collection as almost evil
• Corporate lobbyists who want the surveillance economy to live forever.

The result? Eight years of chaos and the occasional absurd rulings, such as:

• Embedding Google Fonts Violates GDPR – shared fonts for heaven’s sake!
• Google Tag Manager requires consent – tag managers are as essential as your CMS!

Even as a strong privacy advocate, I found these rulings embarrassing. They made the EU look like it had lost touch with technical reality.

Eventually, the European Commission had the good sense to shut down the ePrivacy revision process before it imploded completely.

Could a Centralised Privacy Setting Work?

Yes, and it should.

Regulators in France, Latvia, Spain and the UK have shown pragmatic thinking:

• Aggregate and benign data collection not requiring consent.
• Tracking that leads to personal profiling, on the other hand, demands explicit consent.

This is logical and balances the respect for user privacy, with the right to run a business efficiently.

Aggregate data—visitor volumes, product demand, checkout flows, marketing performance—are essential for running any website. A clear EU framework allowing such measurement by default would mean:

• Businesses get the data they need.
• Users get a seamless, pop-up-free experience.
• And privacy advocates get meaningful control preserved where it truly matters.

That is a genuine win–win for everyone. Hyper-personalised profiling and advertising could still exist—it would simply require explicit consent, as it does now.

If this approach were embedded in an EU Regulation rather than left to the patchwork of national directives, EU privacy would be far stronger.

The Road Ahead

The obvious next step is a centralised privacy preference—something like Global Privacy Control.

Yes, Google and the adtech world will fight it, arguing that a one-size-fits-all setting is too blunt for their industry to flourish. But when California, Connecticut, and Colorado are already embedding such controls into law, the writing is on the wall.

It is time to make “set once, apply everywhere” the new normal. Cookie banners had a long run. But honestly—good riddance to bad rubbish.

What do you think—will the EU finally give us a cleaner, banner-free web experience, or will ad-tech lobbying slow it down yet again?

I would love to hear from privacy professionals, designers, and marketers on whether you believe a set-once, apply-everywhere model could really work in practice.

This article was originally posted on LinkedIn, Oct 2025. The featured image is from the Politico article referenced.

---

Brian Clifton is a measurement and data privacy strategist, author, and founder of Verified Data — the auditing platform for data quality and governance. Formerly Google’s Head of Web Analytics for EMEA, Brian has spent over two decades helping organisations build trust in their digital data. He is the author of the best-selling books Successful Analytics and Advanced Web Metrics with Google Analytics. He is a certified member of the European Association of Data Protection Professionals.