PS: You might be misinterpreting that what the court said about "personal data" (aka Question 2). The crucial bit here is this

>That interpretation is borne out by recital 24 of Directive 2002/58, according to which any information stored in the terminal equipment of users of electronic communications networks are part of the private sphere of the users requiring protection under the European Convention for the Protection of Human Rights and Fundamental Freedoms. That protection applies to any information stored in such terminal equipment, regardless of whether or not it is personal data, and is intended, in particular, as is clear from that recital, to protect users from the risk that hidden identifiers and other similar devices enter those users’ terminal equipment without their knowledge.

This just means that cookies containing personal data and cookies containing no personal data have to be handled the same. This still means essential cookies are still fine. It just means there is no difference between putting some static text, random string (which could be an identifier), or the users home address (personal data) in a cookie. Planet49 tried to claim that their tracking ids were not personal data and therefore they do not need any consent, and they failed, that's all.