It’s a toxic mix of both. If it wasn’t for the tracking and data reselling, those pop ups would be unnecessary.

Many also exhibit dark patterns, making it look like accepting everything is the only option, hiding or even flat-out not providing alternatives. That’s the marketing people, not the GDPR

Two problems with that.

Fist, they could comply with no popup at all if they only used necessary cookies: https://github.blog/2020-12-17-no-cookie-for-you/

And second, many of the popups do not comply with GDPR because they are not genuine, fair, unbiased consent: https://noyb.eu/en/noyb-aims-end-cookie-banner-terror-and-is...