That's not strictly true, unfortunately. Court cases have been brought and won against companies who do not acquire explicit consent from their users when storing information in cookies.
Companies then build solutions in reaction to these cases. The law is the ass.
"Außerdem müssen Nutzer der geplanten Cookie-Nutzung explizit zustimmen. Demnach reicht es nicht, dass Nutzer einmal bestätigen, dass sie die bereitgestellten Cookie-Informationen gelesen und verstanden haben."
"Users must explicitly agree to the planned use of cookies. It is not enough for users to confirm they have read and understood the provided cookie information."
I think it's a bit more nuanced than that. If the cookies you use are all required for normal operations that benefit the user (e.g. for login), it's fine to not have a popup.
Someone decided to do it and everyone just copied
All you need is a link to a page describing your cookie usage