Europe commissioned a new law called GDPR in 2018. It gives EU citizens control over who collects their personal data and how it’s handled. The pop-ups on websites seeking permission to gather and access your data result from the compliance need the act has imposed. Companies globally (if interacting with EU citizens) are subject to GDPR rules with onerous fines for non-compliance. GDPR definitions were clear on data protection until blockchains became mainstream, and a few use cases challenge the boundaries of technology and regulation.
Companies storing your data are called data controllers, and those that work with your data are called data processors. The data controller is usually also the data processor, but they could be different entities. The data controller is the entity responsible for GDPR compliance and if the personal data of EU citizens are involved, including for non-EU companies (e.g., Microsoft (NASDAQ:MSFT), Meta, etc.).