It's mostly correct what the article says but I'll never really understand why you would quote some laws and not say which ones you're quoting. The relevant parts here are not from GDPR but from the ePrivacy Directive 2002/58/EC, i.e. the more specialised law on what the EU calls electronic communications. And its Article 5, paragraph 3, which is about "information stored on the terminal equipment", meant to include cookies without calling them such, was added to the law in 2009, 7 years before GDPR was adopted.
It's mostly correct what the article says but I'll never really understand why you would quote some laws and not say which ones you're quoting. The relevant parts here are not from GDPR but from the ePrivacy Directive 2002/58/EC, i.e. the more specialised law on what the EU calls electronic communications. And its Article 5, paragraph 3, which is about "information stored on the terminal equipment", meant to include cookies without calling them such, was added to the law in 2009, 7 years before GDPR was adopted.