You can force multinational corporations to do things by not allowing them into your own market if they don’t follow certain rules. The US does it all the time, so does Europe.
GDPR is a law, not a corporation and is a recent attempt at enforcing something, and spectacularly failed at that.
Almost all eu-foreign enterprises ignore it entirely or don't actually adhere to it, even after showing a big pop-up claiming they do.
And the multinational corporations just started to hide their tracking better. For an obvious example: chrome includes a 24 bit unique identifier per installation to track you and instead of saving your PII they just build a nrr to "predict" them. Such a success, indeed.
What’s your exact point? Are you trying to say that laws don’t work and nothing can be done so it shouldn’t be tried? I don’t understand what you are trying to say.
