That is an excellent question, because this is indeed how it works on many sites. However, it is actually wrong. The proper way would be to have users opt-in.

This was even reinforced with a court decision recently: https://www.technologylawdispatch.com/2019/10/cookies-tracki...

In practice that's a violation of Art. 7 GDPR [0]. In particular, recital 42 [1] makes clear that consent can't be regarded as "freely given" if "the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment."

[0]: https://gdpr-info.eu/art-7-gdpr/

[1]: https://gdpr-info.eu/recitals/no-42/

> "we collect data, click OK to accept

That's not compliant with the GDPR plain and simple. For example ads on a website are not required for that site to work (even if it's the only revenue), so the site cannot store data only to track users to show ads. The way a complliant site should work is it can say

"if you want to allow tracking cookies to get more relevant ads you can do so in settings".

I.e. no must be default in case of non-acceptance - and the site must still function.

Yeah. I just visited some news site and they gave me a cookie notice:

> We use cookies for analytics, advertising and to improve our site.

> You agree to our use of cookies by closing this message box or continuing to use our site.

Hopefully they will be fined huge amounts of money.

Exactly. At least some site will be fined, and that news site might make a calculation that it's a better business decision to comply than keep violating the law.

The [back] button.

The back button is too late. You already gave them a visit, a cookie might have been placed and your IP address was provided.