Yeah but in the EU/UK I'm not sure people sue for this kind of thing. The US is different. In the UK we don't really have class actions, you can only sue for the damage caused to you which in the case of a website like this isn't going to be much and legal fees are expensive making the whole thing not worth while.
Any UK examples? I haven't heard of it though it's not really my field. If you are worried you can always set up a ltd company which is quite cheap and quick in the UK (like £40, same day - company bank account longer).
I am an architect for a company that does ABM, B2B ads, so I am well versed in the subject. We had to move all of our PI data in the raw form to a different AWS account, and only certain individuals with "legal" clearance can access it. This forced us to re-architect almost our entire stack, and rethink our main API.
The whole thing was a massive endeavor that took a whole engineering team two quarters. If this was three years ago, when we were less than a dozen engineers, we would have most likely thrown the towel and forego cookies and business in the EU altogether.
