Yeah, speaking as a European tech lead; GDPR was a pain in the butt a few years ago when it was introduced - and all client websites had to be retroactively fitted with cookie systems, routines had to be implemented, stuff had to be learned, etc.
Once sites are planned with it in mind from the get go it's really no big deal, and huge for the end user.
For a wiki farm like Miraheze, GDPR/CCPA/etc compliance is fairly easy. MediaWiki collects fairly little personal data about users, and there are well-defined methods for the site operator to export or delete that data if a user requests that they do so.
Besides, that all kicked in years ago. It's not a new concern.
Cookies were regulated by the ePrivacy directive back in 2009. The case raised above is about someone who had access to see the users' IP address. Handling training and authorisations for people with access to personal data is an ongoing job, not something you do once and forget.
Once sites are planned with it in mind from the get go it's really no big deal, and huge for the end user.