The problem is that regulators were influenced by industry then. The proper regulation would have required that the default state be that users are shown no consent banners without explicit action and also not tracked.
But there is a need for clarification here for the most often encountered consent case: web sites.
Basically the regulation could say: you must have consent to collect data, but you must ALSO observe specific standardized method X of of blanket disallowing all consent in specific contexts. For example, "if do-not-track is used in a web browser, then the user should not be shown a consent dialog but instead provided the service as if they had rejected the consent dialog".
I realize that regulators (for good reason!) are very reluctant to specify specific technologies. It's not their home turf, and it's likely to be quickly outdated. But I'm ready to accept that this would be a time when there is a good reason to make an exception to that rule.
I sort of agree with you on that. I guess I'd like to see it not in the main body of the regulation, but as an additional law/regulation/addendum that reflects the current state.
In it's simplest form it says: if you want to collect more data than is required, you have to ask users for consent.
This applies in equal measure to sites, banks, grocery stores, shopping malls, shit processing plants, nuclear reactors etc.