If the user visits foo.de they obviously expect that some data is transmitted to foo.de
They also might know that companies use service providers and therefore necessary data might be shared with 3rd party companies (which is fine according to the GDPR).
However the user can also expect that that a) foo.de minimizes data transmissions and b) 3rd parties conform to the GDPR rules (which Google can't).
If the user is logged in to Google (e.g. for Gmail) Google would be able to connect the user with foo.de with a high likelihood. This in turn might expose the users behaviour to automatic analysis by foreign government agencies without any legal oversight (since the user most likely isn't a US citizen)
If the user visits foo.de they obviously expect that some data is transmitted to foo.de
They also might know that companies use service providers and therefore necessary data might be shared with 3rd party companies (which is fine according to the GDPR).
However the user can also expect that that a) foo.de minimizes data transmissions and b) 3rd parties conform to the GDPR rules (which Google can't).
If the user is logged in to Google (e.g. for Gmail) Google would be able to connect the user with foo.de with a high likelihood. This in turn might expose the users behaviour to automatic analysis by foreign government agencies without any legal oversight (since the user most likely isn't a US citizen)