[TheCoelacanth]

It basically the "I don't have to be faster than the bear, I just have to be faster than you" principle in action.

GDPR violations are so ubiquitous that regulators can't possibly go after all of them.

As long as you aren't a particularly juicy target and are doing the same things that everyone else is to pretend to follow GDPR, you probably aren't going to be among the first enforcement targets.

[kd5bjo]

There's also some cargo-cult legal reasoning going on as well, I think: instead of paying a lawyer to read the new law and tell you what you actually need to do, simply do whatever you see everyone else doing and assume it's fine.

[gingerlime]

But not doing anything visible might actually be better than pretty much advertising that you're not compliant. It might be easy to catch a bunch of sites using a 3rd party "compliance solution" popup banner in one big swoop.