Hi, I’m obviously not a legal expert or tying to give advice in any way here. However, from “my” understanding “all” cookies must still be declared and site owners are “responsible” for any third party cookies in use on their websites. This includes cookies set by social media functions - social share buttons, links and video embeds. These type of cookies generally track information that “could” be combined with other information collected via third-party content to create a user “profile”.
Currently, Jupiter appears to set an awful lot of cookies relating to various social media functionality. In the interest of fairness, this may also apply equally to other themes right now though! However, some cookies (like the mk-jupiter-love) cookie set by the heart/like icon have an expiry date of “335586 days”! If you haven’t done so already then I would recommend performing a free scan on cookiebot.com, it will shed some light on the extent of the issue.
Just note that even if you use a plugin like Cookiebot, you still have to manually add a code snippet to “every” single plugin being used on your site (that set cookies) so that it can prevent that plugin from settings cookies until permission has been given. This code then has to be added back into each of these plugins “every time” they are updated going forward. At least until plugin developers have made their plugins GDPR compliant. Managing cookies now appears to be very complex, so this topic should be at the top EU site owners list of priorities right now. We should also all be putting pressure on social media companies, theme and plugin developers to get on top of this.