Cookies should be categorised as essential and non-essential and the website should specify which laws it is considering when it categorises them as such. The GDPR definition of "legitimate interest" (which is a bit vague but it's not that hard to understand it) should be explicitly clarified so that companies can't claim that a whole swathe of shit they opted you into automatically is "legitimate interest" if they also give you the option to opt out.

At this point they can still attach descriptions to each cookie (hopefully using some standardised interface so you don't have to literally send these with every cookie, localized) and then your browser can still present you with the idiotic: "here's what we would like you to use" interface, but streamline the process with the ability to just opt out of anything which won't outright break the website.

Although this still opens it up for abuse by companies putting things like: "your preference for us not popping up an annoying full-page message every time you visit a new page" into a "non-essential" cookie to incentivise you to just accept them all.

Honestly I think we should just have Joe "Sensible Person" judge company's websites for whether they're being actively malicious in any way and force the closure of any company which is considered actively malicious along with the destruction of all company IP and liquidation of non-IP assets. All the company owners should also be banned from owning/running any other company for 10 years. (only half kidding)