Ok. So we drop the cookies and invent/use something else that works like the cookies(e.g an iframe that pings to Google's server) What's that good for? Are you considering including the CORS, iframes and whatever feature may leak information about the visitor in the law as well?
Browser fingerprinting is a thing. In fact I suspect most of the supposedly GDPR compliant (so no cookies or local storage) still use fingerprinting in the background because you can't prove it's happening from the client (and the law is not being enforced anyway).
The cookie law is the ePrivacy Directive 2002,[1] not GDPR. And as a user, I would much rather control my privacy preferences regarding cookies from my own browser, instead of within hundreds of different implementations across websites.
We already have P3P to allow websites to declare how they want to use your information. European legislation should have focused on leveraging these existing tools and protocols to give control to the user, instead of annoying them with endless pop-ups.
GDPR is all about user data AFAIK. If I understand it correctly it avoided the trap that is to single out specific implementations.
Also it seems either I or someone else misread the context. I'm in the broader GDPR context while someone else seems to be in the older cookie law context.