I'd say rather that outside the EU, privacy isn't often prioritized or enforced by law, to Prof. Dans original point.

Germany's strict and aggressive GDPR legislation (https://gdpr.eu/) back in ... 2016 (?) really set a high bar for corporate accountability (and created an entire industry for monitoring and ensuring compliance).

Here in the U.S. "progressive" states like California have followed suit with their own laws, but a unifying Federal statute has yet to emerge, making compliance with the patchwork of state laws quite complex.