why do you think gdpr hasn't been challenged more aggressively in US courts on its extraterritorial reach?

how does gdpr have extraterrestrial reach? if something were to be challenged in US courts shouldn’t it be ccpa?

by just having a website openly available on the internet you fall under gdpr, even if you aren't based in the EU or make any money? not here to defend the ccpa I don't know much about it, but from reading the wiki at least it includes stipulations like "doing business in california" and "gross rev > $25m" etc

i totally get you re: headaches. source of confusion seems to be in basic assumption about “website on open internet”. gdpr assumes that if an EU citizen is accessing your website, where you store personal data (backend/cookies) they need to be protected. if you’re just stateless f/e, don’t need to worry afaik

don’t use cookies/storage for wallet and you should not have to worry about gdpr. not legal advise ofc. crypto frontends have an entire new MiCA regime to worry about imo. if you ask a lawyer, they’ll always give the most onerous plan b/c criminal (not just civil) law suite risks and $$$s they make