In November 2018, I wrote about how the UK ICO found the Washington Post in violation of the GDPR because the Washington Post tied cookie consent to access to their stories. I obtained a copy of the ICO's letter (copy stored on Mega.nz)
Not surprisingly, the Washington Post disagreed (copy of WP response stored on Mega.nz). The Washington Post argued that visitors from the EU are presented first with a screen with three choices, and after seeing the choices a visitor can give informed, unambiguous consent to accept cookies and to have their personal data used for targeted advertising.
The Post then notes that a visitor after giving consent to the cookies can disable the cookies related to targeted advertising.
This image is licensed by Ad Meskens under the CC BY-SA 4.0 license.