It's not that easy. Imagine some product owner, PM or exec reviewing a feature that "maybe" or "somehow" encroaches anything remotely seeming like "Personal Information". They freak the fuck out and want to cover their asses by bringing in lawyers. The lawyers want to pad their billing so they make it complicated. The marketers still want their metrics which in all likelihood don't break those laws yet, but because they might, because they use some tool like "Google Analytics" and no one on this entire planet knows how it works or whether it collects something that might be PII, they too get caught under this bus. And to top it all off, there are SAAS products out there now that prey on this "Fear" and happily sell you an overly complicated cookie consent popup banner product. And the cycle continues.