And it made the web experience way worse. Would have been much better to just take back the cookie popups in the browsers, and require each site to publish ToS in a standard format to the browser. I want to approve each data sink once, and each type of clause in ToSes once. They took the technically easy way out. Not very well thought out, but great for adding web dev jobs, of course.
Yes, the GDPR should have gone much further and just banned tracking. But we live in free-market capitalism (an oxymoron in the long run btw) so it was deemed unacceptable to take away people's ability to choose to give up their own rights.