What if GDPR mandated that cookies be a browser-level permission instead of a site-implemented permission modal?

Sure, the "approved uses" would still need to be done at the site level, but the "how do I just decline all?" UX problem & enforcement of it would be a lot simpler and safer and easier on sites & users.

co founder of @metamask . Making computers behave for us.

The issue with DNT is that it's optional for sites to take it into account. We need a real constraint. And yes browsers should do this. But this is the heart of the web 1 and 2 economic model they all live by, so no one will take this risk. DNT was the furthest they were able to go.