That is a terrible proposal. The GDPR is not about cookies, it's about tracking. Websites can track you through cookies, through browser fingerprinting, through your IP address, through your login, through your local storage, and various other ways. They could probably find ways to track you by your mouse movements or how you type, if all other methods were somehow made unavailable.
That websites track you and then sell that data has nothing to do with how long your browser stores cookies. Cookies are just one of many, many ways that websites do tracking.
That's true, but at least then we could rid the internet of all those shitty cookie consent banners plastered all over. Those are almost more annoying to me than some company making a fraction of a penny on selling my mouse movement history to some chump.
You should ask if true privacy is really possible. Cookies are just the tip of the iceberg. Between IP addresses, browser fingerprinting, unique URLs, and the existence of third parties that correlate information across web sites (mainly ad networks), I'm confident it isn't.
True privacy is not possible if websites truly want to track you. The point of the GDPR is ensuring that legitimate companies operating in the EU will refrain from doing so without consent, because it's against the law and the punishments can be pretty severe. Sadly enforcement has room for improvement.
Some US sites may bother, many won't. At a small startup, whenever this was discussed, it was decided we had better things to focus on since we had no paying EU customers.