I recognize my memory was a bit hazy, because I forgot that it the law seems to encompass other forms of storage, and not only cookies. At first I was looking for alternatives to Cookies, and I had found that IndexedDB seems to have an overall good support across browsers.
But, as I read about the spirit of the law, as indicated in this StackOverflow answer, I understood that it may be interpreted to only imply personal identifiable data, and not about personal or session preferences. So, other forms of storage of state are covered under the law, but the opinion is that it wouldn’t be a breach if no information is being transferred.
I think it may be better to err on the safe side, and perhaps just change the style directly.