I don't really oppose gdpr but one of the reasons I vehemently opposed implementing GDPR at my former job is that we were not operating in the EU. Well, we had customers there, but we were an American company operating with American severs. GDPR sets another precident that other countries can make laws about what people from other jurisdictions can do..
Our lawyers said "Do it anyway, just in case".
The side effect of these very many different local regulatory bodies is you start trying to comply with multiple laws, some that can conflict each other - and this costs not just time and money, but the rigidity to stand up and say "No, our elected leaders have decided what the laws of the land are, and we follow them".
And the thing is, many countries do not have good faith laws. The majority of the people in the world live under what Americans and the EU, and the West would call lacking fundamental human rights. Some of these laws are plain BAD (hell, the US and AU even have our own bad internet laws) and some are EVIL.
Google routinely complying with the Chinese government is a great example of them wanting to take the cash first and ask questions later (or not at all). I don't want to work for that company.
I don't really think being a good 'worldwide' citizen can exist when there are conflicting views held by governments about what is right. The fact is some governments are objectively etter than others
I don't really think we aught to be involving ourselves at all with Russian officals, apparatjiks or other government bodies - but we find ourselves in this situation again, like GDPR, Russian officals have set certain rules about how data for russian citizens needs be held.
Of course Russia has no grounds to sue me in America and if it did, do you think a judge would enforce our compliance with laws that hold no water in our countries? Of course not.
Russia wants russians data - on russian servers in russia. The fact is they're probably mostly interested in being able to physically seize - without any due process - russian citizens data from servers which all happen to be in russia. It's a smart law if you're interested in putting people in gulags.
I'd rather lose all russian customers, and also all of the customers in north korea, or whatever else despotic governments that exist that think they can exert pressure on independent companies who don't operate under their jurisdictions and not have to worry about what bullshit they'll come up with next.
*None of this to imply that the US and EU, Australia, Switzerland, etcdon't have a bunch of questionable laws and procedures that might not be quite fair or free either, but the world ain't perfect*
What happens next is country X decides you must do one thing, and country Y decides you do another, and you come to TECHNICAL problems and BUSINESS problems and ETHICAL problems trying to comply with both.
If you're not in the EU, do not even bother with GDPR.
Not random texts I claim no copyright. Random texts, I do not claim copyright.