Under ePrivacy, websites only need to show a cookie banner when they are doing spyware shit. There are exceptions to this, but generally speaking you don't need a cookie banner for functionality that the user expects. As one example, you don't need a cookie banner for a login cookie or for storing the user's preferences.
While the law has flaws, it's very frustrating to see people misinterpreted it, instead of reaching the correct conclusion that the vast majority of websites are spyware. And that it's not EU's law to blame, but rather standard internet practices related to analytics and the serving of ads.
While the law has flaws, it's very frustrating to see people misinterpreted it, instead of reaching the correct conclusion that the vast majority of websites are spyware. And that it's not EU's law to blame, but rather standard internet practices related to analytics and the serving of ads.