You should ask if true privacy is really possible. Cookies are just the tip of the iceberg. Between IP addresses, browser fingerprinting, unique URLs, and the existence of third parties that correlate information across web sites (mainly ad networks) I'm confident it isn't.
True privacy is not possible if websites truly want to track you. The point of the GDPR is ensuring that legitimate companies operating in the EU will refrain from doing so without consent, because it's against the law and the punishments can be pretty severe. Sadly enforcement has room for improvement.
Some US sites may bother, many won't. At a small startup, whenever this was discussed, it was decided we had better things to focus on since we had no paying EU customers.