A cookie is not a PII identifier, it is an "identity discriminator".
In other words cookies let them tell you the _same_ person 104898 that was already here in March, welcome back!, and not any other person e.g. 298472, but without telling them your actual name etc.
In contrast, a PII identifier is a unique ID that is linked to personal attributes in real life like a person's name ("John Doe"), address ("6400 Boulevard Court, Beverly Hills, CA"), e-mail address ("john.doe@acm.org") or credit card number ("VISA 4879 5223 6537 9935").
So, this is indeed different from visiting a Website that places a cookie.
I'm curious where that number came from. It passes the Luhn check so it probably isn't just some random number, and has the right first few digits for Visa but doesn't match any of the Visa test card numbers that I happen to know.
Looking up the issuing bank from the first 6 digits gives inconsistent results. Half of the several BIN lookup sites I tried just say it is from the US. The other half say it is from Blom bank in the country of Lebanon.
Googling it gives me a small number of sites about "unlimited credit card numbers that work 2022" which seem quite shady but I can't quit figure out what the heck that are actually trying to accomplish.
PII is never black or white. "_same_ person 104898" will become PII at any moment when the site can collate it on a one-to-one mapping with some other PII of yours (e.g. your email or login).
From GDPR Recital 30: "Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them."
So your Apple ID becomes PII for a specific site at the precise instant you share any other PII to that site, that they are able to link to the Apple ID.
In other words cookies let them tell you the _same_ person 104898 that was already here in March, welcome back!, and not any other person e.g. 298472, but without telling them your actual name etc.
In contrast, a PII identifier is a unique ID that is linked to personal attributes in real life like a person's name ("John Doe"), address ("6400 Boulevard Court, Beverly Hills, CA"), e-mail address ("john.doe@acm.org") or credit card number ("VISA 4879 5223 6537 9935").
So, this is indeed different from visiting a Website that places a cookie.