[ninkendo]

> you must comply with GDPR

The EU doesn’t have jurisdiction over American companies, there’s no way to enforce this. If your company has a European legal presence, that legal entity may see enforcement, but if you’re an American site operating under American jurisdiction, the EU cannot compel you to do anything. America is a sovereign nation that is not subject to EU laws.

[orwin]

Bear in mind that a case that isn't really clear are advertiser networks who work in the EU. Them collecting EU citizen data w/o explicit permission is illegal, and punishment is enforceable. Candy advertising network push girl the cookie banner?

[SAI_Peregrinus]

The advertising network is then responsible for getting consent. Not the company using the network with no legal presence in the EU.

[wkat4242]

But they can't. Because if the user doesn't consent, the advertising network is not allowed to even be involved.

And most sites don't just use one tracking network but they use many (see some of the convoluted cookie banners where you have to turn off data sharing with several hundred "partners")