Hello,

What people should do who are not from US?

Technically, it doesn't matter if you are outside the USA or not. The same way as the European GDPR, you are liable no matter where your business is installed. Even if the risk is rather low, to be sued by the state of California, or EU, it 's still possible. China has also something beyond borders, but this is the opposite, you have to collect Chinese users personal information if you don't want to risk troubles.

Should I choose not to share my information?

It depends. You can decide to collect the explicit consent from your visitors, if so "no". But I doubt you are going to do it. So the safer is to disable the information sharing.

Technically, it doesn't matter if you are outside the USA or not

Yes it does.

The same way as the European GDPR, you are liable no matter where your business is installed.

No you are not.

You cannot be expected to follow the laws of a country in which you do not reside. What this means concretely is the EU or California can seek a judgement in their courts against you but they will be unable to enforce that judgement, unless your country of residence has some sort of an agreement with them. Now if you are like Google or Facebook and have a business entity established in one of these territories then that is different, that business entity must abide by the laws.

It is worth noting that there is nothing preventing the authorities in these territories from trying to go after you legally, even with knowledge that they have no legal grounds to do so. The problem for you is that just by them trying to seek judgement against you will be forced to incur significant legal expense to defend yourself, and that in and of itself (as a small business or individual) could be sufficient to either close you down or force you to comply with their wishes. It is unlikely that they would do such a thing for minor infringements, but if you egregiously start breaking their laws then it may be a whole other issue.

Also consider that they do not have to come after you directly, they can go after "service providers" or "revenue providers" that you depend on, such as your cloud provider, registrar, Google, AdSense etc...

In conclusion not residing in the EU or California does make a difference, but it does not shield you completely. As to the question "what should I do?" only you can answer that question as it really depends on your business model and the level of risk you are willing to take.

I manage a lot sites. But own only a handful number. And my main traffic from US is from East coast- Ashburn, NY, Washington, Boston (80% give or take). So, should I just select the option by which personalized ads will not be shown?

You cannot be expected to follow the laws of a country in which you do not reside

Unfortunately you can. Extraterritorial jurisdiction is not new and the US has laws that apply in the same way (I'm mostly aware of those that apply to finances and corruption, where as GDPR is about citizen protections. Same principal though) . The fact that many large US companies without and EU presence are working to GDPR compliance suggests that their legal teams see it as relevant. .

Unless you are a massive publisher the EU is not going to come after you. However they are looking to enforce compliance by putting pressure on the platforms. Google, as an obvious example, is under pressure to ensure compliance and is passing that along to publishers. Publishers outside of the EU (or rather the EEA) who ignore the regulations are unlikely to get dragged to course in Brussels, but might find themselves without access to Google products. We have seen multiple "Comply or be terminated" notices being set to publishers by Google. There was a flurry of these last year, but it seems to have gone quiet on that front for now. I'm fully expecting another round before long.