Most sites use cookies, so to speak indirectly. For example, let's say you run your own blog. It has no forms, comments, nothing. Users just logged in, read and left. Your site does not use cookies. But as soon as you set up analytics, the analytics will add cookies for each visitor.
The fact is that with their help you can track any activity of a person. Where did he come from, what did he see, what did he do. This is what the user should be informed about. User behavior on the Internet is his personal, private information. And you are obliged to inform him about what data you collect about him and what you do with them.
So when you come to the store - there must be a notification that a video is being recorded. The same is true here.
Recently, the laws in this regard have been somewhat tightened. Large obscuring dice with the question "Can we use cookies?" it's really not that big of a problem. Much more serious:

1. The site does not offer you the option to NOT allow yourself to be tracked. He just informs. "You're already here, and I already know everything about you"
   
2. The site offers the option "Do not follow" but only formally. Regardless of your choice, cookies will still be collected and processed.
   
3. If you select the "Do not follow" option, you will be asked not to be allowed to enter the site. Because it's cheaper to block your browsing than to remake the site so that it works correctly without cookies.
   

My opinion is that these messages about the use of cookies are simply a mockery of the visitor, and the owner of the site.
In fact, in any browser, there are security settings.
There are so-called security levels. If desired, the user can configure his browser in such a way that it is his browser that shows him messages about what data is collected about him on this site.
Moreover, here they were frightened by different versions of the site, with different data collection.
Just for browsers, there are extensions that filter the content of the page.
They do not load all the same scripts, Google Analytics, and so on. Any counters.
There is an extension that generally disables any scripts, or certain ones.
The user, if he is concerned about his own security, anonymity, can set it up the way he needs. Moreover, with different levels, for different sites. That is, to prohibit certain counters from collecting data about themselves, and to allow certain ones.
In my opinion, the thing is that such things are being done, how to put it.
For people with limited mental abilities in a certain area, who for some reason do not find it necessary to set up their PC the way they want.
And in fact, adjusting to such flu-like faces is a very unpleasant trend and somewhat dangerous.
For example, in the Firefox browser, the ability to disable scripts was removed from the settings, motivating this on the official website by the fact that users with this button “break their browser, which becomes unusable for viewing” or something like that.
In fact, if someone, in fact, from those who develop and promote such things, cares about the security of the privacy of the citizens of their country, then it would be more effective to prescribe slightly different mechanisms. Namely. For example, for localized for a specific country, that is, language, browser. Well, for example, when a user installs Opera on his PC, he selects a language during installation, so that along with this, default settings are automatically prescribed to inform the user about what data is being collected about him.
That is, a user who installed Opera in French, when visiting any site, will receive the same message as now, not blurry, but specific, about what data is transferred, what crypts are running, what information about it was collected, and what exactly the file is written where it is on his PC. Delete button, accept and so on.
So that it can be disabled, and configured at the request of the user.
In fact, this can be done now, if desired. But the essence of the problem is to be enabled by default, and if desired, you can disable it.
And the display of a window on the site, which no one reads, and clicks “OK”.
This, I don’t know, looks like a props and mockery.
About spying on users through cookies, but what about the server log?
It turns out that the server log, its processing programs, is also a kind of surveillance.
At the same time, you can’t refuse it no matter how.
When a user uses something, for example, the same PC, he must have a certain set of skills and knowledge to use it.
But for some reason, in a capitalist society, a dangerous tendency began to develop, to adapt to a group of people who do not consider it necessary to acquire any skills. And this negatively affects those who have such skills and want to improve them. As an example, all with the same removal of the ability to disable scripts in firefox.
And in general, the interface of many programs has recently become peculiar.
In fact, there are about 10 browsers that people use.
Firefox, Opera, Chrome and so on. To oblige to prescribe default security settings there, in 10 programs, is much more effective than on all sites, to hang signs that no one reads.
This topic can still be continued in this vein, but there is so much text.
Registered specifically to answer this question.
Everything written is a personal opinion, it does not claim to be true.
When asked who needs it, probably those who benefit from creating problems for people.
Probably some way to suppress competitors, some requirements.
It seems to have nothing to do with caring for people in practice.
ps If some program downloads an array of data to your PC...
Firewall will work, folder access rules, account rules, program installation, firewall, antivirus, and so on.

Why, why and who needs this nonsense with the need to show these fucking notifications.

On the basis of the European Personal Data Law, etc. .
Roughly speaking, if your site serves EU citizens, then you must follow the law. On the territory of the Russian Federation there is no such requirement.
UPDATE 10/15/2020:
Due to changes in the legislation of the Russian Federation, when collecting and (or) processing / transmitting ANY user data, you must take permission from the user for any interaction with his data, or notify him in the style "if you are here, then you agree, otherwise, get out of here." Otherwise, I recommend reading the info below:

Administrative responsibility under Article 13.11 in the current wording provides for differentiation depending on the consequences of the violation. So liability for a legal entity provides for the imposition of a fine in the amount of 15 thousand to 6 million rubles, and in case of repeated violation - up to 18 million rubles.

PS clientid Yandex.Metrica is also personal data (a case from personal practice).
PS2 any symbol (for example, a dot) that was created and stored based on the user's action - personal data (a case from personal practice).

Some paranoids decided that they were being followed through cookies. The joke is that it is unreliable to track users through cookies, so no one uses cookies to track cookies.
Conclusion: this law only adds hemorrhoids to typesetters.

This is what officials need. This is exactly what happens when laws are written by amateurs.

In the EU, the story is the same, and it lasts longer than in the Russian Federation.

So because of the EU, this garbage began. The officials who passed this law apparently believed that users would prefer those sites where they were not monitored. It worked out as always.
And ours do this either because of entering the European market, or out of stupidity.

Sites give your information to third parties, store and process for their own purposes, sell, etc., etc.
Sites know more about you than your closest relatives
Money in this sector is normal
This is the basis of contextual advertising
One person before these decisions in the EU could not compete with corporations like google, yandex, fb, etc.
IT solution is not to hysteria, but to update the rules on the ad blocker, use solutions for "reading"

If a certain program downloads a certain amount of information to your computer and actively uses it, in theory it would be nice to get your consent to this.
It's like with a personal data base - you can't just take and write down your data without your consent.