Pushing for things to be handled at the browser level is a fundamental misunderstanding of the GDPR.
Browser-based identifiers such as cookies are only a very small part of it. Furthermore, tracking goes way beyond just cookies, and is done with things like IP address/user-agent tracking and browser fingerprinting - neither requires the cooperation of your browser, it can't do anything about it.
If you're talking about codifying the various data processing categories and let the browser communicate that via a header, it's already been tried with Do-Not-Track and was either 1) ignored, or 2) used as one extra part of the browser fingerprint.
The root cause is that there's an entire industry of parasites that make their money on breaching the GDPR and have no incentive to implement it. GDPR enforcement itself being lax means that they can get away with such non-compliant implementations.
If the GDPR is ever enforced properly, the problem would quickly resolve. The consent flows would first become compliant, and a few months later would be removed entirely along with all the tracking because the opt-in rates are so low that it's pointless to have it. But this would also spell doom for a huge industry of scum, so expect hard pushback at every step.
The browser would work if enforced. So not very different from not enforcing gdpr in it's current form.
And I am not only talking about cookies; I am talking about that the browser should convey what I want instead of me clicking on buttons every site I get to. But yes, if not enforced, the scum will win anyway.
Browser-based identifiers such as cookies are only a very small part of it. Furthermore, tracking goes way beyond just cookies, and is done with things like IP address/user-agent tracking and browser fingerprinting - neither requires the cooperation of your browser, it can't do anything about it.
If you're talking about codifying the various data processing categories and let the browser communicate that via a header, it's already been tried with Do-Not-Track and was either 1) ignored, or 2) used as one extra part of the browser fingerprint.
The root cause is that there's an entire industry of parasites that make their money on breaching the GDPR and have no incentive to implement it. GDPR enforcement itself being lax means that they can get away with such non-compliant implementations.
If the GDPR is ever enforced properly, the problem would quickly resolve. The consent flows would first become compliant, and a few months later would be removed entirely along with all the tracking because the opt-in rates are so low that it's pointless to have it. But this would also spell doom for a huge industry of scum, so expect hard pushback at every step.