(no title)

Define big business here. Coca Cola? IBM? Amazon?

> The truly compliant ones are far less annoying. They all generally need only a single click to refuse consent

No, they yare still annoying. It's still something you are forced to itneract with that diverts your attention.

> It's also essential to actually achieve the goal of protecting the data of people in the EU, much of which is done by companies which are based outside the EU.

The problem is it's unenforceable nonsense and has led to this foolish cookie popup situation.

If they had limited it to entities with a presence in the EU, it would have worked better. At the moment it applies to some malicious Chinese teenager who blatantly wants to collect and sell the data of Europeans who visit his self-hosted low-traffic blog.

> All they would then have to do is change the website's contracting legal entity to a foreign partner or parent company and then they could refuse data subject access requests, track without consent, and so on if the jurisdiction provisions in Article 3 were as narrow as you're advocating.

They can already do that because EU has no jurisdiction outside of the EU no matter what they claim.

Also, we are basically having the same conversation in two places. If you want to consolidate your two replies into just one I would not object.