Basically, the law created enough fear among the lawyers that software developers are being advised to include the cookie banner in cases where it isn't strictly needed.
From where I sit that's hard to evaluate since you cannot actually see most data abuses and privacy concerns, and you also don't know how it would have been without it. You also see the effects of various laws and regulations in combination, so the ones related to GDPR are not easy to be singled out. Are you thinking only of the cookie banners? Maybe sites would be plastered with even worse bullshit. Did you consider that GDPR also resulted in privacy policies that (if actually somewhat legal) are fairly easy to read and not just copy pasta but specific to the service(s), have proper contact information, you get some transparency about which data partners the sites work with, sites need to have full data export, right to be forgotten (removal of your data/contributions), and so on. I am certain you benefit from it often, potentially without realizing, and you wouldn't know what the world would be like without them today so it's not so straightforward to reason about.
So uh, don't do that.
You don't need to notify if you use cookies for required functionality like login sessions or remembering a functional setting.
If you're tracking whether they're returning or not your activity is exactly the kind of behaviour the rule is covering because, in legal terms, it's skeezy as fuck.
Nobody wants to be the EU test case on precisely how "required functionality" is defined. Regardless of what the plaintext of the law says, it should be self-evident that companies will be more conservative than that, especially when the cost is as low as adding one cooke banner and tracking one preference.
You'd have much better retention rates if you don't cover up the content the viewer is trying to view.
How would you like it if I shoved a banner in your face the moment you walked into a store and forced you to punch a hole in it in order to view items on the shelves?
