Should US companies that run websites comply with EU cookie regulations?
GDPR cookies regulations apply to all member states of the European Union and websites outside of the EU that target people within EU member states. However, in accordance with Article 3 of the GDPR, if you collect personal data or behavioral information from someone in an EU country, your company is subject to the requirements of the GDPR. In other words, even if you do not directly target an EU citizen, collecting personal identifiable information of an EU citizen makes you liable under GDPR regulations. Therefore, the sensible approach for US companies that operate websites in the US and other countries outside the EU is to ensure that they have an appropriate cookies policy and a mechanism to enforce it.