HACKER Q&A
📣 givemeethekeys

What happens if I don't abide by GDPR and put a banner on my website?


I've noticed that Hacker News and Reddit don't make me click on a banner each time I visit. Neither do Facebook nor X.

On the other hand, many, many websites do show me an obnoxious banner that I have to acknowledge every time.

Why did they decide to put it up? Does it matter if they aren't an EU based website? What is the consequence of not putting up the banner / pop-up? Has anyone been taken to court for violating GDPR because they didn't tell their users that they'd be serving up cookies?


  👤 fenier Accepted Answer ✓
While you asked about GDPR, the banners are actually required for many use cases by the EU ePrivacy Directive[1]. This use case is both broader than, and different from, those afforded by GDPR. However, it's possible both can overlap and you can be sanctioned for both items at once.

Not every website is subject to GDPR - applicability is determined by GDPR Article 3[2]. When a site is subject to GDPR, you need a legal basis to process personal data[3] subject to Article 6[4]. Sites which use the 'consent' legal basis thus get consent with a banner.

If you do not have a valid legal basis (such as consent) to process data but are found to be doing so, complaints may be lodged with the relevant Data Protection Authority and investigations may be carried out subject to Article 77[5]. In the event of an adverse decision, corrective action, including fines, may be levied. There are two fine structures in the GDPR, and those can be found in Article 83.[6]

Now, a site can use geofencing to determine if you are in the EU (or other relevant location) and selectively show you a banner or not based on your believed location, as determined by a reverse IP address lookup.

You may be re-prompted between visits depending on whether the persistence mechanic you select is maintained. Some browsers delete cookies aggressively[7], and if the preference cookie is removed by the browser you will likely be issued a banner on the next visit to re-establish your preferences.

[1] https://gdpr.eu/cookies/
[2] https://gdpr-info.eu/art-3-gdpr/
[3] https://gdpr-info.eu/art-4-gdpr/
[4] https://gdpr-info.eu/art-6-gdpr/
[5] https://gdpr-info.eu/art-77-gdpr/
[6] https://gdpr-info.eu/art-83-gdpr/
[7] https://webkit.org/tracking-prevention/
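The geofenced banner plus persisted preference that the accepted answer describes, as an added example (not code from the original thread or from any site mentioned in it). It assumes the reverse IP lookup has already been done upstream (for instance by a CDN edge) and its two-letter result is passed in as `country`; that the preference lives in a cookie named `cookie_consent` holding base64url-encoded JSON `{"v": policyVersion, "analytics": bool, "ads": bool}`; and that the in-scope list is the EU member states, the EEA states that apply the GDPR, and GB for the UK's retained version. All of those names and the cookie layout are this example's own choices. Two practitioner caveats are built in: an unknown country fails closed (banner shown), and consent recorded under an older policy version does not carry over.

```javascript
// Added example: gate a consent banner on IP-derived country and a stored
// preference cookie. The cookie name, payload shape, header names and the
// country list below are assumptions for this example, not from the thread.

// EU member states, plus the EEA states that apply the GDPR (IS, LI, NO).
// GB included on the assumption that the UK's retained GDPR is in scope too.
const IN_SCOPE_COUNTRIES = new Set([
  "AT", "BE", "BG", "HR", "CY", "CZ", "DK", "EE", "FI", "FR", "DE", "GR", "HU",
  "IE", "IT", "LV", "LT", "LU", "MT", "NL", "PL", "PT", "RO", "SK", "SI", "ES",
  "SE", "IS", "LI", "NO", "GB",
]);

const CONSENT_COOKIE = "cookie_consent";
// Bump this whenever the set of purposes you ask consent for changes;
// older consent then stops counting and the visitor is re-prompted.
const CURRENT_POLICY_VERSION = 3;

// Minimal Cookie-header parser: "a=1; b=2" -> { a: "1", b: "2" }.
function parseCookies(header) {
  const out = {};
  if (!header) return out;
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i < 0) continue;
    const name = part.slice(0, i).trim();
    let value = part.slice(i + 1).trim();
    try { value = decodeURIComponent(value); } catch { continue; } // malformed %xx: skip
    if (name) out[name] = value;
  }
  return out;
}

// Decode and validate the stored preference. Anything malformed is treated
// as "no preference recorded", never as consent.
function parseConsent(cookieHeader) {
  const raw = parseCookies(cookieHeader)[CONSENT_COOKIE];
  if (!raw) return null;
  let obj;
  try {
    obj = JSON.parse(Buffer.from(raw, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (typeof obj !== "object" || obj === null) return null;
  if (!Number.isInteger(obj.v)) return null;
  if (typeof obj.analytics !== "boolean" || typeof obj.ads !== "boolean") return null;
  return obj;
}

// Decide whether to render the banner for this request.
function decideBanner({ country, cookieHeader }) {
  const cc = typeof country === "string" && country.length === 2 ? country.toUpperCase() : null;
  // Geolocation is a guess (VPNs, proxies, stale databases). If the lookup
  // failed, fail closed: show the banner rather than silently set cookies.
  if (cc === null) return { show: true, reason: "unknown-country", consent: null };
  if (!IN_SCOPE_COUNTRIES.has(cc)) return { show: false, reason: "out-of-scope", consent: null };
  const consent = parseConsent(cookieHeader);
  // No cookie, or the browser discarded it: re-prompt, as the answer notes.
  if (consent === null) return { show: true, reason: "no-preference", consent: null };
  // Consent given for an older set of purposes does not carry over.
  if (consent.v !== CURRENT_POLICY_VERSION) return { show: true, reason: "stale-version", consent: null };
  return { show: false, reason: "preference-honoured", consent };
}

// Build the Set-Cookie value for a recorded choice. Only the choice and the
// policy version it applies to go in; no personal data.
function buildConsentCookie(choice) {
  const payload = Buffer.from(JSON.stringify({
    v: CURRENT_POLICY_VERSION,
    analytics: Boolean(choice.analytics),
    ads: Boolean(choice.ads),
  })).toString("base64url");
  return `${CONSENT_COOKIE}=${payload}; Max-Age=${180 * 24 * 3600}; Path=/; Secure; SameSite=Lax`;
}
```

In an Express-style handler you would call `decideBanner({ country: req.headers["x-geo-country"], cookieHeader: req.headers.cookie })` (where `x-geo-country` is a hypothetical header your edge sets from its reverse IP lookup) and, on the banner's submit, `res.setHeader("Set-Cookie", buildConsentCookie(choice))`. Non-essential scripts should only be loaded when `consent.analytics` or `consent.ads` is true; the banner decision alone grants nothing.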



👤 db48x
If you live or work or do business in Europe then you need to talk to a lawyer. If you don't, then the GDPR doesn't apply to you so you can just ignore it with no negative consequences.

👤 alpaca128
> Has anyone been taken to court for violating GDPR because they didn't tell their users that they'd be serving up cookies?

It can already be quite expensive to make rejecting the cookies too difficult: https://www.bbc.com/news/technology-59909647

After that Google fortunately turned their monstrosity of a UI maze into a single click.