The law had good intention but bad implementation. Also the law takes so long to change. Once it became obvious that companies would bypass it by having clicking gymnastics they needed to quickly update the law saying that it should only take one click to opt out.

They took what should have been a browser on/off switch and turned it into something almost worse.

GDPR didnt do it, lazy site owners that didnt want to read the legislation did.

Most sites dont even need those popups, but its easier to just shove one on your site than try to understand the specific situations which do need it.