First, cookie banners are associated with a totally different legislation, not GDPR, and they began appearing long before GDPR existed.
Second, the EU is not to blame for cookie banners. Companies doing tracking via cookies are to blame. They always have the option to not have a cookie banner--just don't do the things that require cookie banners. They deliberately choose to do these things, and then people complain about the banners.
In California, where everything can give you cancer, do people consider that a failure of the companies putting the notices on everything, or a failure of government?
That's a failure of government because the law mandates the notice in so many places that it becomes pointless noise.
Cookie banners are not analogous. It's easy to make a web site that doesn't need cookie banners. It's actually easier to make a site that doesn't need them than to make one that does. Adding in the tracking that requires banner takes effort. But companies prefer to put in that effort and annoy their users so they can have that tracking. That's 100% on them, not on the government.
> But companies prefer to put in that effort and annoy their users so they can have that tracking.
This is making the assumption that the company has already paid the significant legal fees to see if they need the banner or not. Or ignoring the companies that think it is easier to add the banner than pay a law firm to review it's data usage.
It's like 'Hey, I make T-shirts. I want to sell them to anyone who visits my website. Do I need a cookie banner? I don't know. I do collect personal information to facilitate the transaction. I do retain the information for refund purposes. I do log IP addresses. Is this covered without a banner? Am I 'safer' to just make a banner saying we are saving their data and using it? I can't afford a lawyer to review everything we do, but I can afford a developer to make a banner like they did on other sites. Even if they implement it incorrectly, I think it's worth the cost to have the banner because I probably won't be liable if I attempted to follow the law. And maybe I'm wrong there because again, I have no idea what the letter of the law requires. I just make t-shirts and want to sell them.'
Tossing up a banner doesn't really help. You're required to allow users to opt out of anything that's not essential to the service being requested by the user. So regardless of whether you're going to have a banner or not, you have to identify what's essential. And once you've done that, you could stop there and not have anything non-essential.
How easy is it really, seeing how nearly every website ends up having them? Even if they don't think it's needed, seems the legal risk isn't worth.
It’s not the legal risk, it’s the desire to track users. How often have you seen a cookie banner that says “we only set cookies when it’s essential to the site’s functionality so there’s nothing for you to opt out of”?
Case in point, GitHub & Gitlab (I think, not 100% sure) don't have cookie banners, one would hardly call those two sites small