At least here in the EU the ePrivacy directive and to a lesser extent the GDPR generally require that cookies have a limited lifetime depending on their function, to eg. prevent companies just attaching a stable identifier to every random passerby essentially forever. @Sunny, if you’re feeling particularly mildly infuriated you could email the German Data Protection Authority, there’s a good chance the cookie could attract the Eye of Sauron