Not literally “all”—they’ve existed for a long time, but until GDPR it was pretty rare except on heavily-regulated EU sites. It’s only recently that the EU has appeared more willing to enforce this on non-EU sites for companies who do business with EU citizens and might someday have part of their business based in the EU. Though I don’t know of many actual enforcement actions, it may be just follow-the-crowd threshold effects: if your competitors are annoying their users this way, you probably should too.
Edit: I wish I’d used this opportunity to introduce the term “cargo-cult regulatory compliance”. I think worth a deeper exploration of the complexity of the modern regulatory world and the sheer quantity of “follow the crowd, rather than understanding the written and unwritten requirements” that exists.
Not literally “all”—they’ve existed for a long time, but until GDPR it was pretty rare except on heavily-regulated EU sites. It’s only recently that the EU has appeared more willing to enforce this on non-EU sites for companies who do business with EU citizens and might someday have part of their business based in the EU. Though I don’t know of many actual enforcement actions, it may be just follow-the-crowd threshold effects: if your competitors are annoying their users this way, you probably should too.
Edit: I wish I’d used this opportunity to introduce the term “cargo-cult regulatory compliance”. I think worth a deeper exploration of the complexity of the modern regulatory world and the sheer quantity of “follow the crowd, rather than understanding the written and unwritten requirements” that exists.