IMO, this is a great example of the lack of professionalism in the software development field. No individual software developer is responsible for violating the GDPR's prohibitions on cookie banners in a legal sense, but we could be. Real engineers have that leverage: A PE who thinks a bridge's design amounts to professional malpractice gets to refuse to approve that design, and anybody who the employer could find to approve it risks their entire career, on top of personal liability.
But that's a great example of why we might not need to turn into professionally licensed experts: the risk of messing the implementation of GDPR up is nowhere near messing a bridge or even a single family home up.
Now sure, with software controlling everything today (even the tools an engineer would use to design and build a bridge: imagine a bug in software setting the cement ratio in concrete being used), there are accountability reasons to do it.
Sure, we programmers aren't likely to kill anyone with malpractice (in most software development disciplines, anyway). But we have a much, much broader impact. An exceptionally bad bridge collapse kills maybe a couple hundred people. Incompetent or malicious coding practices on a site negatively effect millions, with some sites getting up to the billions.
No disagreement there, but opportunity costs are present and unregulated everywhere: eg. a bad traffic light design (timings) might increase congestion and greenhouse gasses emissions 10×, but nobody is losing their traffic engineering license for that.
