[ransom1538]

"claiming you have to obey Libyan laws and regulations"

I always smile when bosses want everything to be GDPR compliant. I am not sure why these laws are more important than the laws from the Chilean Navy. Why are we clicking on cookie popups? We think the EU is smarter than the PII laws from Cameroon? Elitism I say. My websites follow strict guidelines set by proper Constitution of Cameroon doctrines. Every fourth visit to my site we dump all contents in html form (obviously).

[wafflemaker]

> Why are we clicking on cookie popups? Because people want to track us to make money from invading our privacy? You don't need a cookie consent banner if your cookies are needed to serve the client with your service. You can do analytics without cookies. So to answer your question - Why are we clicking on cookie popups? Because website owners don't want to stop selling your privacy and now have to inform you about it.

[askvictor]

> GDPR compliant. I am not sure why these laws are more important than the laws from the Chilean Navy.

Purely market size. Europe is a large market. Same reason that just about every product is labelled with 'known to the state of California to cause cancer' - California is a large market.

[swores]

Not purely market size, though it's a very important part for sure.

The other part is how likely a country is to try to enforce their laws, and what ability they will have to do so.

Even if a hypothetical US company had an equal number of customers & revenue in Chile as in the EU, if either the Chilean law being broken is one that Chile never bothers to prosecute, or if the worst thing they could do should they find out about the law breaking is to block the service at a national firewall level but not levy any punishments (say, if the US company has no staff or assets in Chile, and the crime has no possibility for extradition or other international collaboration to punish) then the company would be a lot less likely to comply than they are with GDPR. Because most US companies aren't able/willing to serve EU customers without having servers, employees, and revenue, physically in the EU; therefore the worst case for getting caught breaking GDPR is considerably more worth avoiding than if it would just be the EU blocking access to your servers.