The predictable outcome from that ruling is a decentralized solution: a few libraries attempting to build frameworks that are compliant, everyone implementing their own one-off versions of permission-granting and cookie consent using those frmeworks as a basis, and the Authority chasing mom-and-pop sites that are out of compliance until the sun goes cold.

In a sense, that may satisfy the goals: the data will be decentralized, stored widely, and harder to aggregate. On the other hand, what we learned from the virus era and the Windows OS monoculture is thousands of nodes running the same software (but not centrally maintained; maintained by people who have a job other than maintaining a website and are therefore slow to patch security holes) will be vulnerable to scripted attacks against frameworks.

My prediction is a net increase in stolen PII and, while individual site-runners will get screwed, the number of sites collecting the data won't go down. It's just too valuable, and the odds you will get hit by a hacker are too low.

In any case, it'll be a hell of a ride.