When going through the cookie settings for a website or an app, some of the cookies are marked as “legitimate interest”. What exactly does that mean?
It’s intended to be used when the cookies are actually required for the app to work. For example, to preserve your login, you need a cookie, no way around it. Unfortunately, as mentioned by others, it’s often abused.
That’s not correct. The GDPR explicitly gives “direct marketing” as an example of a “legitimate interest”.
I asked a similar question a little while back: https://lemdro.id/post/10600532
It doesn’t really mean much, it’s more of a loophole from what I gathered.
The GDPR prohibits processing of personal data, unless there is a legal basis for it. Personal data covers a lot more than you think, as does processing.
What counts as a legal basis may be seen in Article 6 of the GDPR. Consent is one option, but it must be informed and freely given; a very high bar. If you have a legitimate interest, you may process data without prior consent. However, you must still provide the “data subject” with information and give them the option to opt out. They must tell you the legal basis, which they have done, but also what exactly their interest is. (And a couple more things.) There should be a statement somewhere containing that information.
The GDPR gives “direct marketing” as an example of a legitimate interest. Some DPOs interpret the term extremely narrowly, though. It’s a contentious issue. The courts will work it out over the next few years.