Grave digging an old topic, but this is starting to get very relevant for EU instances:
Non-essential cookies must be deployed only after getting the users’ consent. A notification banner does not make a site GDPR compliant.
This is an issue if the site uses the official advertising plugin to serve AdSense or similar ads - their script is executed whether or not the user gives the consent. Same goes for GAnalytics.
Anyone got any ideas how to tackle this? I can live without GAnalytics, but without AdSense we will most likely need to close the shop.