Well, you have to know something about the law to know when it does/doesn’t apply, and this student newspaper apparently decided it didn’t care to invest that kind of time. I think this is understandable for those of us who don’t prefer to study other countries’ laws. Perhaps EU subjects should seek to improve their laws.
Nah. Speaking as an American ex-pat, it's about Americans being offended that foreign laws have heft and import. It pierces the sovereignty bubble. The Internet is home-grown. How dare other nations dictate to us Americans how we run our sites, amirite? We're gonna take our toys and home.
This is a silly, shamefully obvious straw man. No one is saying “Americans uniquely shouldn’t have to parse other countries’ laws”, the argument is “it’s ruggedly impractical for ordinary citizens of any country to parse the laws of other countries”.
Those aren’t cases of “ordinary individuals” and thus don’t apply, but yes the general principle also implies the special case that ordinary non-Americans shouldn’t have to parse American law just to go about their lives.
Foreign nationals contending with extraditions to the US for alleged actions performed while in foreign, sovereign lands is a far more serious problem by any measure than having to protect user data or risk not being able to do business in Europe. But go on with your "No True Scotsman" arguments
The "compliance" is quite simple. Don't do this thing. Don't collect personal information without permission. Very, very simple.
If you do collect personal data,
with permission, it's only slightly more complicated. Let the individuals control their data, including deletion. Don't do anything with it without permission. Again, not hard to understand.
The "morass" is for people who are gonna try anyway. "Well, what about if we bury the permission under exhausting legalese?" No, that's unlawful. "What if we collect it but obfuscate it?" Not without permission. Etc.
So, "compliance morass" is not an argument. It's an extremely simple law.
