Isn't that just an "in theory" though? In practice, a ton of sites have these cookie warnings because the EU mandated them. If a large enough legal body mandated that websites obey prescriptive privacy statements from their users, most legitimate sites probably would.

The same way GDPR is enforced. Given the cookie popups I'm seeing everywhere, it doesn't seem to be toothless.

Realistically, if the EU were to impose such a rule, then any ad company doing business in the EU would have to follow it. Thus, any web site deriving any significant revenue from EU advertisers would have to follow it. I'd strongly assume that it's not possible to effectively monetize EU eyeballs without EU advertisers. Of course, anything operated by a EU company or hosted in the EU would also be subject to these rules.

While some local US news would certainly take the "we block all traffic from the EU" approach to avoid dealing with it, the advertising and tracking landscape would quickly and drastically improve.

If now, for example, California would also decide to copy these rules, this would very quickly be the worldwide standard.

That isn't much of a solution if you do business in the foreign country whose requirements are being circumvented.