[mananaysiempre]

You don’t, that’s the point of the law. As in, the old “EU cookie law” focused on you knowing the terms, but that proved ineffectual where every website operator said “accept or GTFO” (you’d think that would end up an unstable equilibrium, but it didn’t).

Thus the “new” GDPR is predicated on the idea that consent given under “... or GTFO” terms is invalid, given the imbalance in negotiating power, and said consent (where required) had to be voluntary by that definition. The result is cigarette-labelling-level malicious compliance on part of website operators (and compliance-in-a-box vendors they use).

Many of the things you see, such as requiring you to turn off every single “purpose” or “partner”, are manifestly illegal (or rather, don’t legally constitute voluntary consent, so showing them is legal but tracking you afterwards isn’t), but enforcement has been lackluster so far. We’ll see where we end up I guess. (I genuinely don’t know how I want this to go.)