Not completely correct ...
"most browsers accept cookies by default. "
I'm pretty sure the default on any recent browser has been to accept only FIRST party cookies by default. Third party cookies can and SHOULD be blocked by default and if that's not the current default for a browser then why not change the law to *make* it the default.
If that in turn breaks many sites, then that's probably a good thing. With a few possible exceptions, any site which "requires" a third party cookie is doing so mainly with the specific intent of invading the person's privacy. First party cookies, however, usually act for the benefit of the user -- remembering things that would otherwise have to be repeatedly rekeyed. Or they let the webmaster get some idea of how many users are returning regulars. If kept within the confines of a single site, it is no worse than the public library staff knowing who comes in frequently.
The law should understand the difference and distinguish sensibly between them, presuming consent to first party cookies if the browser has been set to accept them but requiring third party acceptance to be off by default.
But to work, the law needs to go further and insist that except in a few very rigidly defined cases a user must be *able* to use every site with third party cookies and scripts disabled. "This site requires it" is an *excuse*, not a reason.