[dathinab]

> It'd be nice if the law included an explicit exception for local cookies for routine site operation purposes.

it does have such exception, always did (as long as the cookies are not used for tracking or other non essential things etc.). It might not be supper explicit but it's explicit enough to have you on the safe side.

you do have to inform people, but there are very non intrusive ways to do so (as it's informational only, i.e. no user interaction like confirm/accept is needed at all). (I think? they also have removed part of the explicit informational requirement for some things recently, i.e. it's good enough to list it on your site in the TOS/Dataprotection section/sub-site.)

there are other (I think not EU wide but nation specific) laws which get confused with it and handle things different, based on sites storing their data on your computer (and with that any cookie)

the reason most sides don't do anything like that isn't because they can't. It's because they try to harass user endlessly until they always click on confirm and can be tracked. Or because they don't know better due to a endless slew of systematic misinformation spread by advertisement agencies like Google Ads.