GDPR has little to do with this. People use site cookies to remember sessions and not have to login again, etc. I’d guess most browser users use and want to use this functionality. If you’re fully opting out to not even have persistent sessions, I’m guessing you’re in the far minority of users here.
I’m not aware of any non-trivial readily available built-in encryption for cookies. There are easy to find libraries that exist to just pull out cookies (stored locally including session tokens).
To clear up a bit more misinformation from your response: this is an offline feature. The data doesn’t go back to Microsoft. It works even if your computer is disconnected from the internet. If you consider their word to be a lie on this part, that’s you’re right to believe, but until proven, isn’t a fact.