[JoshTriplett]

To which the entirely reasonable response from anyone without a legal nexus in the EU (or physical products to ship) is "we don't care and you have no legal right or ability to enforce that". And the entirely reasonable response from anyone thinking of creating a legal nexus in the EU without an extremely business-critical reason is "let's stay in our own country where it's safer and we only have one jurisdiction to care about".

For the record, when I build services, I personally don't intend to ever keep any records that aren't absolutely necessary to provide the service. That's a personal decision, a voluntary one, and also one that can be marketed to certain customers, though that isn't the reason. I also believe that if you send data to a website then it becomes subject to whatever terms they want to apply to it, and if you don't like how they use your data then don't send it to them, and block them.

[kuschku]

That'll get you an interesting interaction with your bank, which does want to have a branch in the EU, so they'll simply comply and freeze your accounts if the EU requests it.

The US has forced its laws on other countries in this way for decades, always to protect profits, it's great that now another actor enforces its laws the same way, for the public.

[arkh]

And the "reasonable" response to this is to act like China: block those services. China showed it is possible so now the "lol it is Internet you can't stop people accessing things, VPN, crypto blablabla" spiel is proven to do jack-shit for services which need a lot of people and their data.