https://www.techdirt.com/articles/20191210/07425443541/guess-what-many-cookie-banners-ignore-your-wishes-so-max-schrems-goes-gdpr-attack-again.shtml

One of the most visible manifestations of the EU's General Data Protection Regulation (GDPR) is the "cookie banner" that pops up when you visit many sites for the first time. These are designed to give visitors the opportunity to decide whether they want to be tracked, and if so by whom. Any business operating Internet sites in the EU should theoretically use them or something similar, or risk a GDPR fine of up to 4% of global turnover. Cookie banners may be tiresome, but at least they give users some measure of control over how much they are tracked online. But do they? Few of us have the skills or the time to check that our wishes are obeyed by every site. Fortunately, three researchers in France -- Célestin Matte, Nataliia Bielova, Cristiana Santos -- possess both, and have conducted the first rigorous study of this area. They've written a good summary of their full academic paper.

An initial scan of 22,949 Web sites from the EU domains, as well as .org and .com, showed 1,426 that had cookie banners based on the Interactive Advertising Bureau Europe Transparency and Consent Framework, the main industry standard for this area. Of those, the team of researchers took a close look at 560 Web sites from .uk, .fr, .it, .be, .ie and .com domains to detect possible GDPR violations. Shockingly, they found four types of violations in cookie banners, across 305 Web sites -- 54% of the sample: