Technically GDPR (and other similar regulations) do already require compliance notifications to be non-obtrusive, or at least rejecting consent to be no more difficult than accepting it.
Unfortunately that isn't adequately enforced so everyone gets away with making it a massive pain to reliably opt-out and very easy to accidentally permanently opt-in.
Unfortunately that isn't adequately enforced so everyone gets away with making it a massive pain to reliably opt-out and very easy to accidentally permanently opt-in.