Well, note that I said it could just as well be a widget on the website somewhere.
There's no such thing as a mandatory cookie popup. You don't need to get explicit consent if your website needs certain cookies to do what the user wants it to do. Placing a session cookie to log in is fine, for example. And it's also fine to place tracking cookies if and only if the user goes to aforementioned widget and presses the "please track me" button.
But users don't want that, obviously, so websites are built to force you to acknowledge the choice. The problem here is not the implementation of the law - it's the attitude of the website builders.
There's no such thing as a mandatory cookie popup. You don't need to get explicit consent if your website needs certain cookies to do what the user wants it to do. Placing a session cookie to log in is fine, for example. And it's also fine to place tracking cookies if and only if the user goes to aforementioned widget and presses the "please track me" button.
But users don't want that, obviously, so websites are built to force you to acknowledge the choice. The problem here is not the implementation of the law - it's the attitude of the website builders.