[AppSec]

I really wonder how much of that is because the EU is made up of many countries and these countries want to protect their own. It's kind of similar to how the breach disclosure rules are significantly different from state to state.

The other thing that I wonder is how much of the US not having the strict laws is due to Corporate Personhood. I honestly don't know, I'm just throwing it out there.

[anigbrowl]

On corporate personhood - not a big favtor as far as I know. It exists in a lot of European countries much as it does here. A lot of the EU rights are rooted in the social contract ideas of Rousseau and the like, tempered by experience of war, the iron curtain and so on.