The thing is, this is not only about cookies, despite the cookies being the poster child for it.
The regulation applies also to all sorts of analytics, fingerprinting, behavior tracking, user tracking, etc., which is far more prevalent and problematic than simple cookies.
We can still establish that cookies are fine and outright fingerprinting/tracking is not, this isn't even that difficult because on a technical level cookies are the optimal option privacy-wise, in the sense that users have full control over what data is being stored, and to whom it is sent. The problem is that not everyone is aware of this choice and most browsers don't provide safe defaults.
