Pressure from some sections of the computer industry, backed by Governments, pushed for an “implied consent” interpretation of the law, and this is what opened the gates to these annoying and ineffective “cookie banners”.
The best way is to deal with them is to make them redundant by using technology that offers real user control over tracking, and basing that on explicit consent.
Although there are other ways to do this, the DNT signal is important because it is universal and transparent, its description insists that consent must be explicit, and it has meaning in other jurisdictions such as the US.
In terms of the basic W3C DNT Tracking Compliance and Scope (TCS) specification DNT:0 means that the user given “explicit and informed consent” to “practices otherwise proscribed by this specification” i.e. to “the collection of data regarding a particular user’s activity across multiple distinct contexts and the retention, use, or sharing of data derived from that activity outside the context in which it occurred”.
Until more browsers implement the DNT UGE (so far only Microsoft has done that) another protocol element (the Tk: C response header) can be used to indicate that another mechanism, such as a cookie, is being used to record user consent.
EU data protection and privacy law covers a wider scope, particularly on the issue of personal data collection and use by first-party sites, but the DNT protocol and API can be used to indicate that also. The user must be informed when consent is registered in their browser, so a wider interpretation could be explained then. There is also a defined protocol element (the Tracking Status Resource “compliance” property) that can make any alternative legal compliance statement persistent and transparent.
Once the majority of third-party servers respect DNT, perhaps with legal backing for that, then most sites would no longer need these banners, just to ensure they only embed DNT compliant third-parties.