You need policy pages on your site, the GDPR made sure you can’t do business with any country in Europe without complying to a bunch of related regulations.
But you don’t want Google or other search engines scanning them.
I’ll repeat my favourite search engine optimisation refrain:
At its most basic, SEO is all about reinforcing your core content with search engines.
We’re distilling core messages to then feed to search engines in the format they’re looking for. So it’s important our message is clear.
Policy pages (cookie, privacy policies, etc.) are very rarely about the same subject as your site. They’re legal boilerplate, not helping to reinforce your product or service.
In many cases (depending on how you sourced them) they’ll be nearly identical to other policy pages on the web too – with just small changes like the name of your company swapped out.
So don’t muddy the waters with them; mark them as noindex.