The rules in question apply to any storage of information to, or reading of information from, an Internet-connected device. It doesn't have to be "identifying" information.
Edit: I'm amazed this comment is being downvoted. Go read the CJEU's ruling in the Planet49 case if you disagree with me!
The Planet49 case has not much at all to do with that. They were using tracking cookies that they also shared with third-parties, i.e. "non-essential cookies, i.e. not was OP suggested, and they were using a pre-checked checkbox for consent. The CJEU (and German BGH) decided that having such an "opt-out" does not constitute active consent.
PS: You might be misinterpreting that what the court said about "personal data" (aka Question 2). The crucial bit here is this
>That interpretation is borne out by recital 24 of Directive 2002/58, according to which any information stored in the terminal equipment of users of electronic communications networks are part of the private sphere of the users requiring protection under the European Convention for the Protection of Human Rights and Fundamental Freedoms. That protection applies to any information stored in such terminal equipment, regardless of whether or not it is personal data, and is intended, in particular, as is clear from that recital, to protect users from the risk that hidden identifiers and other similar devices enter those users’ terminal equipment without their knowledge.
This just means that cookies containing personal data and cookies containing no personal data have to be handled the same. This still means essential cookies are still fine. It just means there is no difference between putting some static text, random string (which could be an identifier), or the users home address (personal data) in a cookie. Planet49 tried to claim that their tracking ids were not personal data and therefore they do not need any consent, and they failed, that's all.
I think we're talking at cross purposes. I am specifically picking up on the mention of "identifying" cookies in the OP. As you've flagged, the Planet49 case said that doesn't matter (your post: "cookies containing personal data and cookies containing no personal data have to be handled the same"). I'm not commenting on the essential cookie aspect.
You're right, I read your response quite differently than what you seem to have meant. I read it as "cookies need consent, no exceptions", which was my misreading and my bad.
Edit: I'm amazed this comment is being downvoted. Go read the CJEU's ruling in the Planet49 case if you disagree with me!