[l33tman]

The EU's GDPR already requires opt-in for all auxiliary tracking etc. even for those huge policies. So you can try to hide all the nasty stuff in a long policy, but you are not allowed to default to them. A single "I agree" button is explicitly disallowed to enable anything else than the barest minimum required to provide the service (now I'm sure that could pose a loophole for some tracking, but they most egregious cases would be liable for enormous fines if they don't adhere to this).