Cookies have literally nothing to do with GDPR or the ePrivacy directive. It is mentioned I think twice total in both documents as an example of how user data is persisted and tracked across domains, but ultimately the mechanism is irrelevant.