This is so against the basics of GDPR,
all these webshops that participate risk fines for non compliance from the moment a EU citizen is being tracked. Even if these are US companies they need to comply
I experienced this kind of behavior from a UK-based company. This wasn't even necessary, because I already bought something pricey from them and just tried the checkout flow again just to show my friend the shipping prices.
I complained to their data protection officer, who basically fobbed me off and told me they did nothing wrong. A few months down the line I finally found the time to recap everything and collect the proof and complaint to the ICO?
Their response? They threw the complaint away on a technicality because it's been more than 3 (or 6, can't remember) months since my last contact with the company despite them persisting with the behavior.
> Even if these are US companies they need to comply
Only if you have an office in the EU.
Not any more than US companies need to comply with arbitrary Chinese laws, or Japanese companies need to comply with arbitrary Saudi Arabian laws. Why does the EU have special status in being able to impose laws on the US?
The EU can feel free to block the website if they don't like it. (But we know their citizens would throw a riot if they started censoring the internet, sshhh...)
However, independently of GDPR, I agree that it's wrong and that you shouldn't be saving contact information by deception. You'd lose me as a customer if you did that.
I complained to their data protection officer, who basically fobbed me off and told me they did nothing wrong. A few months down the line I finally found the time to recap everything and collect the proof and complaint to the ICO?
Their response? They threw the complaint away on a technicality because it's been more than 3 (or 6, can't remember) months since my last contact with the company despite them persisting with the behavior.