[throwawayqqq11]

Funny thing is, GDPR defines legal possesion of personal data in two forms: The data is either strictly required for a service or business process (like a delivery adress or payment info for an online order) or otherwise explicitly allowed by customers.

So, if you dont ask for or store personal information, that is irrelevant for your business, you dont have to ask for consent at all. The customers consent is implicit the moment they use the service with required information they have provided.

I assume most sites dont need that cookie banner theater unless they want to tap in the personalized ad revenue stream, which wants to collect as much PII as possible. The purpose of the theater is similar to the "i dont care and agree" ToS dialoges, people should get an eazy way to wave away their rights for corporate profit maximization. Compliancy is secondary, imo.