It was soon after. It's a requirement of GDPR to get permission for certain kinds of cookies, and seemingly every website either falls under non-exempt or can't afford to prove they're exempt.

The original ePrivacy Directive that created the cookie banners is from 2003, and EU users have been seeing cookie banners since then https://en.wikipedia.org/wiki/EPrivacy_Directive#Cookies

The GDPR is what really gave it enforcement teeth though and that's when it really exploded and made the banners more intrusive and adopted by non-EU-native websites that weren't based in but still did business inside the EU.