ePrivacy predates GDPR and applies specific (and stricter) rules to a few things, including against intrusion to internet-connected devices (the ePrivacy Directive's so-called cookie rule also affects malware, telemetry, software updates, etc).
It's long overdue an update but its intended replacement, the ePrivacy Regulation, is taking a while to be agreed by EU legislators. In the meantime we're stuck with out of date legislation that's applied and enforced without the benefit of the GDPR's "one stop shop" enforcement coordination rules - neither of these things is ideal!
