afaik gdpr is valid for eu citizens that are in other countries too, including us. US ofc wouldn't do a thing, but EU can act on your business in their land. That's why cookies are everywhere - websites can't know if you are eu citizen or not.
Another problem is that - if you don't use cookies for ads/tracking, you don't need a banner but many websites are ignoring this
Another problem - imo gdpr should have been adapted to enforce some http header with auto-response so that the banner wouldn't be needed
>"That's why cookies are everywhere - websites can't know if you are eu citizen or not."
An excellent point!
Websites can't know if someone is a citizen of country X, country Y, country Z, or even no country (indigenous people, sovereigns, legal constructs, AI's, international groups/associations, companies domiciled in space, other actors/legal constructs, present and future, etc., etc.)!
That is, they cannot know implicitly, without being explicitly given the appropriate information, if someone/something (non-human actors and/or legal reprentatives) accessing a website are citizens of a given country -- or not!
Now websites can do what many courts do, rightly or wrongly, and that is to presume an arbitrary citizenship/jurisdiction for a given website visitor (or visiting actor -- whatever is on the other side of that HTTP/S request)...
But will that be the correct presumption to make in all cases?
Probably not!
So perhaps the future needs a way for visitors to set in their browser (or by some other mechanism!) -- their citizenship and/or jurisdiction!
Of course, then we'd get into some weird scenarios like "what if website X in country Y decides to decline people who have set their browser to "I'm a citizen of country Z" -- sort of like the equivalent of a limiting country's physical immigration policy -- but for HTTP/S requests...
If the HTTP/S requests are not in the citizenship/jurisdiction of a whitelist specified by each website, then, "no HTTP/S response for you!" (Sort of like the HTTP/S version of Seinfeld's Soup Nazi -- "No soup for you -- come back in 1 year!" :-)).
Of course, the whole set of ideas I've outlined above, were they to come to fruition in the future -- sort of would violate the spirit of openness, trust, and good faith that was present in the early World Wide Web...
Remember that the early World Wide Web was built in such a way that all HTTP requests were answered with no need to provide a password or other credentials, no need to accept cookies (the early WWW / HTTP didn't have them!) and could be contrasted with FTP sites of the time which did require passwords (although many would be set to allow username "anonymous", password "anonymous" logins).
That is, the early WWW / HTTP -- was a passwordless, cookieless, loginless, "just give me the information", information-passing protocol, which in its earliest incarnations served academics (no one else had access to the Internet at that time!) who only wanted to share academic infomation (papers and the like!) with other academics, regardless of their country, jurisdiction, or their acceptance or rejection of any potentially access-limiting and resource denying cookie!
