It's done all the time. And a reason why e.g. in the US or EU sites, domains, accounts and whatnots will be blocked or frozen for CP, whereas that (type of) CP may be legal in the place where the distributor is based.

While that's an entire different scale as "didn't display cookie banner" the mechanisms are the same and in place. If the EU finds privacy infringement important enough the infringer will be warned than fined[1]. I'm no lawyer, but I would expect that when a company doesn't pay that fine, they'll ultimately be prohibited from doing any business in the EU. e.g. through blocks, frozen accounts and such.

[1] https://commission.europa.eu/law/law-topic/data-protection/r...

Fortunately for us, Facebook voluntarily opened subsidiaries in EU countries so extradition is not necessary!