Even if Apple is in violation, that doesn’t make it acceptable or within the law. Big companies (notably Meta) frequently don’t comply with GDPR and are beginning to pay the price for it and making changes.

https://noyb.eu/en/5-years-litigation-meta-apparently-switch...

I was pleasantly surprised to see Apple’s cookie policy is considerably less intrusive than the submitted website’s.

https://www.apple.com/legal/privacy/en-ww/cookies/