Also the e-Privacy Directive does exempt strictly necessary cookies from any consent requirements, or am I completely confused now?
Edit: No, I'm not. The GDPR page I linked states the situation that follows both from the GDPR and the e-Privacy Directive. It also fits to what is written in the directive itself.
Strictly necessary cookies for a service the user explicitly requested. And, importantly, this is true even if no personal data is involved and the process is therefore not covered by GDPR at all -- the cookie clause of e-Privacy Directive applies regardless.
Edit: No, I'm not. The GDPR page I linked states the situation that follows both from the GDPR and the e-Privacy Directive. It also fits to what is written in the directive itself.